Page 16 - CISSO_Prep_ Guide

CHAPTER 1: INTRODUCTION TO SECURITY MANAGEMENT




Information Security management is a relatively new field of specialization. Only in the past few years has it emerged as a core business requirement and demanded the development of a core team of professionals. They must have the skills and expertise needed to protect the information assets of the organization and know how to manage information in a reliable, stable, and acceptable manner. The information security manager must be able to merge technology with business and balance risk with control and productivity. However, a manager cannot manage something that they do not understand, and cannot find ways to integrate security into the processes of the organization without that understanding. What if they do not have a thorough understanding of what risk is? What if they do not have answers to questions such as what the business is and what its priorities and strategy are, what technology is, and how to understand and work with staff and customers? The information security manager must be part diplomat, part enforcer, part manager, and part user. The security manager must be able to build a bridge between different parts of the organization and forge the links between technology and business units that will provide security across the enterprise and throughout the organization.

The first challenge faced by an information security manager is to ensure that a common language is used to define security. Why is it crucial, and why is security an issue that every person in the organization is actually responsible for?

Yes, everyone is guilty. Some more than others, but the first step towards building the culture and the environment that creates