Chapter 11

Chapter 11 - Learning Objectives Upon completion of this...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Principles of Information Security, 3rd Edition 2 Learning Objectives Upon completion of this material, you should be able to: Describe where and how the information security function is positioned within organizations Explain the issues and concerns related to staffing the information security function Identify the credentials that information security professionals can acquire to gain recognition in the field Illustrate how an organization’s employment policies and practices can support the information security effort
Background image of page 2
Principles of Information Security, 3rd Edition 3 Learning Objectives (continued) Present the special security precautions that must be taken when using contract workers Explain the need for the separation of duties Describe the special requirements needed to ensure the privacy of personnel data
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Principles of Information Security, 3rd Edition 4 Introduction When implementing information security, there are many human resource issues that must be addressed Positioning and naming Staffing Evaluating impact of information security across every role in IT function Integrating solid information security concepts into personnel practices Employees often feel threatened when organization is creating or enhancing overall information security program
Background image of page 4
Principles of Information Security, 3rd Edition 5 Positioning and Staffing the Security Function The security function can be placed within: IT function Physical security function Administrative services function Insurance and risk management function Legal department Organizations balance needs of enforcement with needs for education, training, awareness, and customer service
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Principles of Information Security, 3rd Edition 6 Staffing The Information Security Function Selecting personnel is based on many criteria, including supply and demand Many professionals enter security market by gaining skills, experience, and credentials At present, information security industry is in period of high demand
Background image of page 6
Principles of Information Security, 3rd Edition 7 Qualifications and Requirements The following factors must be addressed: Management should learn more about position requirements and qualifications Upper management should learn about budgetary needs of information security function IT and management must learn more about level of influence and prestige the information security function should be given to be effective Organizations typically look for technically qualified information security generalist
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Principles of Information Security, 3rd Edition 8 Qualifications and Requirements (continued) Organizations look for information security professionals who understand: How an organization operates at all levels Information security usually a management problem, not a technical problem Strong communications and writing skills The role of policy in guiding security efforts
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 45

Chapter 11 - Learning Objectives Upon completion of this...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online