Page 51 - CISSO_Prep_ Guide
security managers are strong in certain areas - perhaps they came
from an application development area or a networking
background. They are then very comfortable with those areas of
security but may have no experience in Legal, Business
Continuity, or Cryptography. To be an effective security
manager, they must gain knowledge and experience in all areas
of security. Security is not adequate if it is only focused on
networks but is weak in applications. Security must be woven
through all departments of the organization, as described earlier.
It must also be integrated into every level of the organization and
each system. Excellent network security cannot compensate
adequately for application flaws, hardware failures, or lack of
training of users.

The security manager plays a crucial role in defining the security
strategy for the organization, managing the security team,
administering the budget, tracking the security projects, and
reporting to management on the status of security controls,
incidents, and compliance. The security manager sets the tone for
the security department and must ensure that all security
personnel are trained and doing their jobs competently and legally, and
that all incidents are investigated and resolved accurately.

Security Officer
The security officer works under the direction of the security
manager within the Security department. Most of this book will
deal with the responsibilities of the security officer - a
professional who is instrumental in designing, implementing,
monitoring, and enforcing security controls and who assists with
educating managers and users in security concepts and
procedures. A security officer is often the prime person to
manage an investigation into a security incident or user

