INTRODUCTION TO SECURITY AND PERSONNEL

When implementing information security, there are several human resource issues that should be addressed. They are

•    Positioning and naming
•    Staffing
•    By valuating impact of information security across the role in IT function
•    By integrating solid information security concepts into persons practices

Employees feel threatened when organization is creating or enhancing overall information security program.

 Positioning and Staffing the Security Function

Security function can be placed within the following:

- IT function
- Administrative services function
- Insurance and risk management function
-Physical security function
- Legal department

Organizations balance requirements of enforcement with the requirement for education, training, awareness, and customer service.

Staffing the Information Security Function

Selecting personnel is based on several criteria, including supply and demand. Many professionals enter security market by gaining experience, skills, and credentials. Presently information security industry is in period of high demand.


 Credentials of Information Security Professionals

Many organizations seek recognizable certifications where most of the existing certifications are new and not fully understood by hiring organizations. Certifications include: TICSA; Security+; CISSP and SSCP; CISA and CISM; GIAC; SCP; IISFA’s Certified Information Forensics Investigator.

Cost of Being Certified

Better certifications can be much expensive even experienced professionals find it difficult to take an exam without preparation. Many candidates teach themselves through trade press books; others prefer structure of formal training.

Advice for Information Security Professionals

Always keep in mind that business before technology. Technology offers elegant solutions for some problems, but increases difficulties for others. Never lose the sight of target: protection. Be heard and not seen. Be more skillful than you let on; know more than you say. Speak to users, not at them. Know that is education can never be completed.


 Separation of Duties and Collusion

Separation of duties --control used to reduce the chance of individual violating information security; stipulates completion of significant task requires at least two people. Figure given below depicts how to prevent collusion.

Collusion – dishonest workers conspiring to commit unauthorized task.

Two-man control – The two individuals review and approve work of each other before the task is categorized as finished.

Job rotation – Employees know each others’ job skills.

 

 

                      

Posted Date: 10/9/2012 2:54:32 AM | Location : United States

Ask an Expert

Related Discussions:- Introduction to security and personnel, Assignment Help, Ask Question on Introduction to security and personnel, Get Answer, Expert's Help, Introduction to security and personnel Discussions

Write discussion on Introduction to security and personnel
Your posts are moderated

Write your message here..

Related Questions

Selecting a risk control strategy, Selecting a Risk Control Strategy Risk... Selecting a Risk Control Strategy Risk controls involve selecting one of the 4 risk control strategies for every vulnerability. The flowchart is shown in the figure given below

AES, define . define .

Deployment and implementing of an ids, DEPLOYMENT AND IMPLEMENTING OF AN ID... DEPLOYMENT AND IMPLEMENTING OF AN IDS The strategy for deploying IDS should consider various factors. These factors will determine the number of administrators required to insta

Define byte stuffing, Sometimes the special character may see in data and a... Sometimes the special character may see in data and as a part of data they will be misinterpreted as packet data. The solution to this cause is Byte stuffing.   In general to

Star topology, In Star topology all computers are connected using a cen... In Star topology all computers are connected using a central device known as hub. Star networks are one of the most general computer network topologies. In its simplest way, a

What is the size of the initialization vector n wpa, Question : Wi-Fi p... Question : Wi-Fi protected access (WPA) was specified by the Wi-Fi alliance with the primary aim of enhancing the security of existing 802.11 networks. However, WPA was only a

Use the chinese remainder theorem to evaluate x, Use the Chinese remainder ... Use the Chinese remainder theorem to evaluate x from the following simultaneous congruences: x ≡ 1 (mod 2); x ≡ 2 (mod 3); x ≡ 3 (mod 5). Calculate gcd(14526, 2568). (

802.11 wireless lans and csma/ca, 802.11 WIRELESS LANs AND CSMA/CA:  ... 802.11 WIRELESS LANs AND CSMA/CA:  IEEE 802.11 is standard wireless LAN that needs radio signals at 2.4GHz. Its speed is 11Mbps. The older computers use radio signals at data

Ip datagram header format, IP DATAGRAM HEADER FORMAT:  It is given in... IP DATAGRAM HEADER FORMAT:  It is given in the figure below:   In the table: VERS denotes the version of IP. H.LEN denotes the header length in units of

Explain what is a broadcast storm, QUESTION: (a) Ethernet has grown in ... QUESTION: (a) Ethernet has grown in popularity in the recent years and is now used in LANs. Give three reasons for the success behind Ethernet. (b) Ethernet uses the CSMA/CD