INTRODUCTION TO SECURITY AND PERSONNEL

When implementing information security, there are several human resource issues that should be addressed. They are

•    Positioning and naming
•    Staffing
•    By valuating impact of information security across the role in IT function
•    By integrating solid information security concepts into persons practices

Employees feel threatened when organization is creating or enhancing overall information security program.

 Positioning and Staffing the Security Function

Security function can be placed within the following:

- IT function
- Administrative services function
- Insurance and risk management function
-Physical security function
- Legal department

Organizations balance requirements of enforcement with the requirement for education, training, awareness, and customer service.

Staffing the Information Security Function

Selecting personnel is based on several criteria, including supply and demand. Many professionals enter security market by gaining experience, skills, and credentials. Presently information security industry is in period of high demand.


 Credentials of Information Security Professionals

Many organizations seek recognizable certifications where most of the existing certifications are new and not fully understood by hiring organizations. Certifications include: TICSA; Security+; CISSP and SSCP; CISA and CISM; GIAC; SCP; IISFA’s Certified Information Forensics Investigator.

Cost of Being Certified

Better certifications can be much expensive even experienced professionals find it difficult to take an exam without preparation. Many candidates teach themselves through trade press books; others prefer structure of formal training.

Advice for Information Security Professionals

Always keep in mind that business before technology. Technology offers elegant solutions for some problems, but increases difficulties for others. Never lose the sight of target: protection. Be heard and not seen. Be more skillful than you let on; know more than you say. Speak to users, not at them. Know that is education can never be completed.


 Separation of Duties and Collusion

Separation of duties --control used to reduce the chance of individual violating information security; stipulates completion of significant task requires at least two people. Figure given below depicts how to prevent collusion.

Collusion – dishonest workers conspiring to commit unauthorized task.

Two-man control – The two individuals review and approve work of each other before the task is categorized as finished.

Job rotation – Employees know each others’ job skills.

 

 

                      

Posted Date: 10/9/2012 2:54:32 AM | Location : United States

Ask an Expert

Related Discussions:- Introduction to security and personnel, Assignment Help, Ask Question on Introduction to security and personnel, Get Answer, Expert's Help, Introduction to security and personnel Discussions

Write discussion on Introduction to security and personnel
Your posts are moderated

Write your message here..

Related Questions

Ciphertext, Encode the following plaintext, using the Caesar cipher: ... Encode the following plaintext, using the Caesar cipher: LORD OF THE RINGS b) The following ciphertext jw njbh lxmn cx kanjt has been encoded using a

Tree decomposition, (a) Define what you understand by the following terms ... (a) Define what you understand by the following terms in Network Flows: i) UnDirected Path ii) Directed Path iii) Directed Cycle. iv) Tree In each of the above, expla

Deploying host-based idss, Deploying Host-Based IDSs -Proper implementat... Deploying Host-Based IDSs -Proper implementation of HIDSs can be painstaking and time-consuming task .The process of deployment begins with implementing most critical systems fi

Attacks on cryptosystems-cryptography, Attacks on Cryptosystems Attacks a... Attacks on Cryptosystems Attacks are attempts to achieve unauthorized access to secure communications have characteristically used brute force attacks. Attacker may alternatively

Ip datagram format, IP DATAGRAM SIZE:  Datagrams may have different si... IP DATAGRAM SIZE:  Datagrams may have different sizes i.e. Header area is generally fixed (20 octets) but can have various options. Data area may contain between 1 octet and 6

CS, Discuss how developers should apply the following countermeasures to im... Discuss how developers should apply the following countermeasures to improve the security of their code:

Information asset classification-risk management, Information asset classif... Information asset classification-risk management A number of organizations have data classification schemes (for instance confidential, internal, public data). The classificat

Securing the components-information security, SECURING THE COMPONENTS Co... SECURING THE COMPONENTS Computer can be subject of an attack or the object of an attack. When subject of an attack, computer is used as lively tool to conduct attack. The figure

CNSS Security model, "Using the CNSS Model, examine each of the cells and w... "Using the CNSS Model, examine each of the cells and write a brief statement on how you would address the components respesented in that cell"

Access controls-information security, Access Controls Access controls ad... Access Controls Access controls addresses admission of a user into a trusted area of organization. It comprises of a combination of policies & technologies. The ways to control