Security And Personnel
Contents:
• Introduction
• The security function within an Organization’s Structure
• Staffing the security function
• Qualifications and Requirements
• Entry into the security profession
• Information Security Positions
  • Chief information security officer
  • Security manager
  • Security technician
  • Internal security consultant
Introduction
• Each organization should examine the available options for staffing the information security function.
• When implementing security in an organization, there are many human resources issues that must be addressed:
  • The entire organization must decide how to position and name the security function within the organization.
  • The information security community of interest must plan for proper staffing of the information security function.
  • The IT community of interest must understand the impact of information security.
  • The general management community of interest must work with the information security professionals to integrate solid information security concepts.
The Security Function within an organization’s structure
The security function can be placed within the:
• IT function, as a peer of other functions such as networks, applications development, and the help desk
• Physical security function, as a peer of physical security or protective services
• Administrative services function, as a peer of human resources or purchasing
• Insurance and risk management function
• Legal department
Staffing the security function
• Selecting information security personnel is based on a number of criteria.
• Some of these factors are within the control of the organization and others are not.
• Some of the services are:
  • Qualifications and requirements
  • Entry into the security profession
  • Information security positions
Qualifications and Requirements:
• A number of factors influence an organization’s hiring decisions.
• Because information security has only recently emerged as a separate discipline, the hiring decisions in this field are further complicated by a lack of understanding among organizations about what qualifications a potential information security hire should exhibit.
• Currently in many organizations, information security teams lack established roles and responsibilities.
• Establishing better hiring practices in an organization requires the following:
  • The general management community of interest should learn more about the skills and qualifications for both information security positions and those IT positions that impact information security.
  • Upper management should learn more about the budgetary needs of the information security function and the positions within it. This will enable management to make sound fiscal decisions for both the information security function and the IT functions that carry out many of the information security initiatives.
  • The IT and general management communities should grant appropriate levels of influence and prestige to the information security function, and especially to the role of chief information security officer.
• When hiring information security professionals, organizations frequently look for individuals who understand the following:
  • How an organization operates at all levels
  • That information security is usually a management problem and is seldom an exclusively technical problem
  • How to work with people and collaborate with end users, and the importance of strong communications and writing skills
  • The role of policy in guiding security efforts, and the role of education and training in making employees and other authorized users part of the solution, rather than part of the problem
  • Most mainstream IT technologies (not necessarily as experts, but as generalists)
  • The terminology of IT and information security
  • The threats facing an organization and how these threats can become attacks
  • How to protect an organization’s assets from information security attacks
  • How business solutions (including technology-based solutions) can be applied to solve specific information security problems
Entry into the Information Security Profession
• Many information security professionals enter the field through one of two career paths:
  • ex-law enforcement and military personnel involved in national security and cyber-security tasks, who move from those environments into business-oriented information security; and
  • technical professionals—networking experts, programmers, database administrators, and systems administrators—who find themselves working on information security applications and processes more often than on traditional IT assignments.
• In recent years, a third (perhaps in some sense more traditional) career path has developed: college students who select and tailor their degree programs to prepare for work in the field of information security.
Information Security Positions
• The use of standard job descriptions can increase the degree of professionalism in the information security field as well as improve the consistency of roles and responsibilities among organizations.
• Organizations anticipating a revision of these roles and responsibilities can consult Charles Cresson Wood’s book Information Security Roles and Responsibilities Made Easy, which offers a set of model job descriptions for information security positions.
• The book also identifies the responsibilities and duties of the members of the IT staff whose work involves information security.
Position in information security
• Chief Security Officer
• Information Security Consultant
• Information Security Manager
• Information Security Administrator
• Information Security Technician / Engineer
• Physical Security Manager
• Physical Security Officer
Chief Information Security Officer (CISO or CSO)
• This is typically the top information security officer in the organization.
• In many cases, the CISO is the major definer or architect of the information security program.
• The CISO performs the following functions:
  • Manages the overall information security program for the organization
  • Drafts or approves information security policies
  • Works with the CIO on strategic plans, develops tactical plans, and works with security managers on operational plans
  • Develops information security budgets based on available funding
  • Sets priorities for the purchase and implementation of information security projects and technology
  • Makes decisions or recommendations on the recruiting, hiring, and firing of security staff
  • Acts as the spokesperson for the information security team
Security Manager
• Security managers are accountable for the day-to-day operation of the information security program.
• They accomplish objectives identified by the CISO and resolve issues identified by technicians.
• Management of technology requires an understanding of the technology administered, but does not necessarily require proficiency in the technology’s configuration, operation, and fault resolution.
Security Technician
• Security technicians are the technically qualified individuals tasked to configure firewalls, deploy IDPSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization’s security technology is properly implemented.
• The position of security technician is often entry level, but to be hired in this role, candidates must possess some technical skills.
• This often poses a dilemma for applicants, as many seeking to enter a new field find it difficult to get a job without experience—which they can only attain by getting a job.
From internet…
• http://www.securitypersonnel.com/
  Providing services for securing the business information.
• http://system.vccs.edu/its/standards/PersonnelSecurityStandard.htm
  Personnel Security Standard
  Purpose: This standard is intended to ensure security controls and related procedures are implemented to protect the privacy, security and integrity of VCCS information technology resources against unauthorized or improper use, and to prevent and detect attempts to compromise information technology resources for any employee who is separated, transferred, or promoted.
• http://www.cpni.gov.uk/advice/Personnel-security1/
Cypher security
Personnel security
Physical security
Security and personnel bp11521
Security and personnel bp11521

More Related Content

What's hot

Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Cyber Security Maturity Assessment
 Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesAlex Rudie
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyoneYasir Nafees
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Physical security
Physical securityPhysical security
Physical securityDhani Ahmad
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 

What's hot (20)

Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Cyber Security Maturity Assessment
 Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
Information security management
Information security managementInformation security management
Information security management
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for Businesses
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & Responsibilities
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyone
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Physical security
Physical securityPhysical security
Physical security
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
Information security
Information securityInformation security
Information security
 
Physical Security
Physical SecurityPhysical Security
Physical Security
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Security policies
Security policiesSecurity policies
Security policies
 

Similar to Security and personnel bp11521

Advisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxAdvisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxkatherncarlyle
 
Advisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxAdvisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxdaniahendric
 
Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...Laura Benitez
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingCCI Training Center
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingCCI Training Center
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAGeorge Delikouras
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfalokkesh
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingSwati Gupta
 
Cyber Security Engineer: How to Build a Rewarding Career
Cyber Security Engineer: How to Build a Rewarding CareerCyber Security Engineer: How to Build a Rewarding Career
Cyber Security Engineer: How to Build a Rewarding CareerFredReynolds2
 
Awareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAwareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAbdullahKanash
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFLaurie Mosca-Cocca
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxelinoraudley582231
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Richard Lawson
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
How Do You Create A Successful Information Security Program Hire A Great Iso!!
How Do You Create A Successful Information Security Program  Hire A Great Iso!!How Do You Create A Successful Information Security Program  Hire A Great Iso!!
How Do You Create A Successful Information Security Program Hire A Great Iso!!Tammy Clark
 
Information Security Career Day Presentation
Information Security Career Day PresentationInformation Security Career Day Presentation
Information Security Career Day Presentationdjglass
 
Challenges in implementing effective data security practices
Challenges in implementing effective data security practicesChallenges in implementing effective data security practices
Challenges in implementing effective data security practiceswacasr
 
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...AmeliaJonas2
 

Similar to Security and personnel bp11521 (20)

Advisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxAdvisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docx
 
Advisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docxAdvisory from Professionals Preparing Information .docx
Advisory from Professionals Preparing Information .docx
 
Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
 
Role management
Role managementRole management
Role management
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIA
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-training
 
Cyber Security Engineer: How to Build a Rewarding Career
Cyber Security Engineer: How to Build a Rewarding CareerCyber Security Engineer: How to Build a Rewarding Career
Cyber Security Engineer: How to Build a Rewarding Career
 
Awareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAwareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdf
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docx
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
 
How Do You Create A Successful Information Security Program Hire A Great Iso!!
How Do You Create A Successful Information Security Program  Hire A Great Iso!!How Do You Create A Successful Information Security Program  Hire A Great Iso!!
How Do You Create A Successful Information Security Program Hire A Great Iso!!
 
Information Security Career Day Presentation
Information Security Career Day PresentationInformation Security Career Day Presentation
Information Security Career Day Presentation
 
Challenges in implementing effective data security practices
Challenges in implementing effective data security practicesChallenges in implementing effective data security practices
Challenges in implementing effective data security practices
 
ICISS Newsletter Sept 14
ICISS Newsletter Sept 14ICISS Newsletter Sept 14
ICISS Newsletter Sept 14
 
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
 

Recently uploaded

FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsNbelano25
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 

Recently uploaded (20)

FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf arts
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 

Security and personnel bp11521

  • 2. Contents:  Introduction  The security function within an Organization’s Structure  Staffing the security function  Qualification and Requirements  Entry into security profession  Information Security Positions  Chief information security officer  Security manager  Security technician  Internal security consultant
  • 3. Introduction
      • Each organization should examine the options possible for staffing the information security function.
      • When implementing security in an organization, there are many human resources issues that must be addressed:
      • The entire organization must decide how to position and name the security function within an organization.
      • The information security community of interest must plan for proper staffing for the information security function.
      • The IT community of interest must understand the impact of information security
      • The general management community of interest must work with the information security professionals to integrate solid information security concepts
  • 4. The Security Function within an organization’s structure
    The security function can be placed within the:
      • IT function, as a peer of other functions such as networks, applications development, and the help desk
      • Physical security function, as a peer of physical security or protective services.
      • Administrative services function, as a peer of human resources or purchasing
      • Insurance and risk management function
      • Legal development
  • 5. Staffing the security function
      • Selecting information security personnel is based on a number of criteria.
      • Some of these factors are within the control of the organization and others are not.
      • Some of the services are:
      • Qualifications and requirements
      • Entry into the security profession
      • Information security positions
  • 6. Qualifications and Requirements:
      • A number of factors influence an organization’s hiring decisions.
      • Because information security has only recently emerged as a separate discipline, the hiring decisions in this field are further complicated by a lack of understanding among organizations about what qualifications a potential information security hire should exhibit.
      • Currently in many organizations, information security teams lack established roles and responsibilities.
      • Establishing better hiring practices in an organization requires the following:
      • The general management community of interest should learn more about the skills and qualifications for both information security positions and those IT positions that impact information security.
  • 7.
      • Upper management should learn more about the budgetary needs of the information security function and the positions within it. This will enable management to make sound fiscal decisions for both the information security function and the IT functions that carry out many of the information security initiatives.
      • The IT and general management communities should grant appropriate levels of influence and prestige to the information security function, and especially to the role of chief information security officer.
      • When hiring information security professionals, organizations frequently look for individuals who understand the following:
      • How an organization operates at all levels
      • That information security is usually a management problem and is seldom an exclusively technical problem
  • 8.
      • How to work with people and collaborate with end users, and the importance of strong communications and writing skills
      • The role of policy in guiding security efforts, and the role of education and training in making employees and other authorized users part of the solution, rather than part of the problem
      • Most mainstream IT technologies (not necessarily as experts, but as generalists)
      • The terminology of IT and information security
      • The threats facing an organization and how these threats can become attacks
      • How to protect an organization’s assets from information security attacks
      • How business solutions (including technology-based solutions) can be applied to solve specific information security problems
  • 9. Entry into the Information Security Profession
      • Many information security professionals enter the field through one of two career paths: ex-law enforcement and military personnel involved in national security and cyber-security tasks, who move from those environments into business-oriented information security; and technical professionals—networking experts, programmers, database administrators, and systems administrators—who find themselves working on information security applications and processes more often than on traditional IT assignments.
      • In recent years, a third (perhaps in some sense more traditional) career path has developed: college students who select and tailor their degree programs to prepare for work in the field of information security.
  • 10. Information Security Positions
      • The use of standard job descriptions can increase the degree of professionalism in the information security field as well as improve the consistency of roles and responsibilities among organizations.
      • Organizations anticipating a revision of these roles and responsibilities can consult Charles Cresson Wood’s book Information Security Roles and Responsibilities Made Easy, which offers a set of model job descriptions for information security positions.
      • The book also identifies the responsibilities and duties of the members of the IT staff whose work involves information security.
  • 11. Position in information security
      • Chief Security Officer
      • Information Security Consultant
      • Information Security Manager
      • Information Security Administrator
      • Information Security Technician / Engineer
      • Physical Security Manager
      • Physical Security Officer
  • 12. Chief Information Security Officer (CISO or CSO)
      • This is typically the top information security officer in the organization.
      • In many cases, the CISO is the major definer or architect of the information security program.
      • The CISO performs the following functions:
      • Manages the overall information security program for the organization
      • Drafts or approves information security policies
      • Works with the CIO on strategic plans, develops tactical plans, and works with security managers on operational plans
      • Develops information security budgets based on available funding
      • Sets priorities for the purchase and implementation of information security projects and technology
      • Makes decisions or recommendations on the recruiting, hiring, and firing of security staff
      • Acts as the spokesperson for the information security team
  • 13. Security Manager
      • Security managers are accountable for the day-to-day operation of the information security program.
      • They accomplish objectives identified by the CISO and resolve issues identified by technicians.
      • Management of technology requires an understanding of the technology administered, but does not necessarily require proficiency in the technology’s configuration, operation, and fault resolution.
  • 14. Security Technician
      • Security technicians are the technically qualified individuals tasked to configure firewalls, deploy IDPSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization’s security technology is properly implemented.
      • The position of security technician is often entry level, but to be hired in this role, candidates must possess some technical skills.
      • This often poses a dilemma for applicants as many seeking to enter a new field find it is difficult to get a job without experience—which they can only attain by getting a job.
  • 15. From internet…
      • http://www.securitypersonnel.com/
      • Providing services for securing the business information.
      • http://system.vccs.edu/its/standards/PersonnelSecurityStandard.htm
      • Personnel Security Standard
        Purpose: This standard is intended to ensure security controls and related procedures are implemented to protect the privacy, security and integrity of VCCS information technology resources against unauthorized or improper use, and to prevent and detect attempts to compromise information technology resources for any employee who is separated, transferred, or promoted.