What general attributes do organizations seek in candidates when hiring information security professionals across all positions?

  • School Franklin University
  • Course Title ISEC 300

Homework 11
Nicholas Lewellen
ISEC300-V1WW
Prof. Ron Inskeep
3/27/17

(Whitman & Mattord, 2011, p. 505) List and describe the options available for the location of the information security functions within the organization. Discuss the advantages and disadvantages of each option.


(Whitman & Mattord, 2011, p. 505) What general attributes do organizations seek in candidates when hiring information security professionals across all positions? Prioritize the list and justify your ranking.


Security Technician

The technical qualifications and position requirements for a security technician vary. Organizations prefer the expert, certified, proficient technician. Regardless of the area, the particular job description covers some level of experience with a particular hardware and software package. Sometimes familiarity with a technology secures an applicant an interview; however, actual experience in using the technology is usually required.

4. What are some of the factors that influence an organization's information security hiring decisions?

When hiring information security professionals, organizations frequently look for individuals who understand:

  • How an organization operates at all levels
  • That information security is usually a management problem and is seldom an exclusively technical problem
  • People, and who have strong communication and writing skills
  • The roles of policy and of education and training
  • The threats and attacks facing an organization
  • How to protect the organization from attacks
  • How business solutions can be applied to solve specific information security problems
  • Many of the most common mainstream IT technologies, as generalists
  • The terminology of IT and information security

Each candidate for the position must have a wide range of knowledge to bring to the organization's security sector.

  1. Definers – develop the product and technical architectures and do consulting and risk assessment.
  2. Builders – create and install security solutions.
  3. Administrators – operate and administrate the security tools and the security monitoring, and try to continuously improve processes.

5. What general attributes do organizations seek in a candidate when hiring information security professionals across all positions? Prioritize the list and justify your ranking.

Many organizations look for a technically qualified information security generalist with a solid understanding of how an organization operates. When hiring information security professionals, organizations will look for the following attributes, in order of importance. Organizations will seek an individual who understands:

  • How to protect the organization from information security attacks


Under a Creative Commons license

Open access

Abstract

Decision-making in the context of organizational information security is highly dependent on various information. For information security managers, not only relevant information has to be clarified but also their interdependencies have to be taken into account. Thus, the purpose of this research is to develop a comprehensive model of relevant management success factors (MSF) for organizational information security. First, a literature survey with an open-axial-selective analysis of 136 articles was performed to identify factors influencing information security. These factors were categorized into 12 areas: physical security, vulnerability, infrastructure, awareness, access control, risk, resources, organizational factors, CIA, continuity, security management, compliance & policy. Second, an interview series with 19 experts from the industry was used to evaluate the relevance of these factors in practice and explore interdependencies between them. Third, a comprehensive model was developed. The model shows that there are key-security-indicators, which directly impact the security-status of an organization while other indicators are only indirectly connected. Based on these results, information security managers should be aware of direct and indirect MSFs to make appropriate decisions.

Keywords

Key Security Indicators

Security Success

Security Model

Security Management Decision-Making

Expert Interview


Rainer Diesch received his M.Sc. degree from the Ludwig-Maximilians-University of Munich in 2016. At present, he is a member of a research team at fortiss GmbH, an affiliated institute of the Technical University of Munich. Rainer Diesch is currently doing his Ph.D. in Business Informatics at the Technical University of Munich at the Chair of Information Systems. His research interests include information security management, security measurement and information management.

Matthias Pfaff received his PhD degree (Dr. rer. nat.) in 2018 from the Technical University of Munich on the topic of semantic data integration. He previously studied computer science at the Goethe University Frankfurt (degree Dipl.-Inf.). He has been working at fortiss since 2011, where he heads the competence field "business model & service engineering" (BM&SE) and is responsible for the fortiss Application Center for AI. His research interests include semantic technologies for data integration and ontologies, especially for business applications.

Helmut Krcmar studied business management in Saarbrücken and obtained his doctorate in 1983. He worked as a postdoctoral fellow at the IBM Los Angeles Scientific Center and as assistant professor of information systems at New York University and the City University of New York. Since 2002 he has held the Chair for Information Systems at the Technical University of Munich. From 2010 to 2013, he served as Dean of the Faculty of Computer Science.

© 2020 The Authors. Published by Elsevier Ltd.

Besides proper procedures and technologies, counting on good professionals can make all the difference during implementation and operation of any process or project. The “Apollo 13” movie shows what skilled men can do when procedures and technology fail (remember the “mailbox” device). On the other hand, what are the chances that even the most well-designed racecar can win the championship in the hands of the average driver?

So, in the field of information security, what would make a good professional for your organization? Although this area has become a huge interconnection of knowledge and skills, there are some common attributes found in professionals who stand out from the crowd, which can provide a CEO or HR department head a good start in selecting the proper professional. Let’s talk a little about them.

Competence according to ISO 27001

As the leading framework for management of information security, ISO 27001 has clauses that provide a solid start regarding the use of competencies to achieve desired security outcomes. For example, ISO 27001 clause 7.2 a) requires the organization to define competences that are needed for managing its information security. However, while this clause can be a good requirement for a proposed management system in organizations of any kind/size (defining what is to be done), it does not help a lot in an implementation (how to specify these competencies) – at most, it will help you to define security roles.


What competencies should you look for?

You can define “competency” as a group of four aspects:

  • Knowledge: what you know about a specific issue.
  • Skills: what you can perform based on the knowledge you have or because of a natural aptitude.
  • Experience: what you learned during the time or number of executions of a specific activity.
  • Attitude: behavior that reflects a state of mind or disposition toward something or someone.

A common step in any information security selection is to look for technical knowledge, skills, and experience, and for those you can use certifications as the main reference criteria. The profiles established by certifications like ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, CISSP, CISM, CISA, and CBCI, among others, can help you spot promising candidates, or at least define a set of technical knowledge and skills that a professional should have to fit your organization’s needs (for more information, see: How personal certificates can help your company’s ISMS). Specifically, for the role of Chief Information Security Officer (CISO), we have these two articles you may find interesting: What is the job of Chief Information Security Officer (CISO) in ISO 27001? and Chief Information Security Officer (CISO) – where does he belong in an org chart?

For an organization to increase its chances to find a proper candidate, or for a security professional to increase his/her visibility as one who can add value to a business, there are six characteristics I consider critical to a security professional’s performance:

Business focus and understanding: a security professional should be able to think and demonstrate how security solutions can add value to the business. To do that, he or she must understand the industry, the organization’s market environment, and relevant regulatory and legal requirements.

Systemic view: a security professional should be able to see the overall security needs of an organization, how they can converge or be in conflict, and how single-point changes can affect overall security.

Empathy: a security professional should be able to put himself or herself in the shoes of various users and think about what their needs are. How will they use a process or technology? How will they accidentally or intentionally misuse it? By doing that, he or she can better identify risks and find solutions for those identified issues.

Constant learner: a security professional should always seek to learn new ideas and technologies to help users make well-based risk decisions. This is valid for self-improvement, too. He or she must consider his or her career development as a personal business.

Negotiation and communication skills: a security professional should be able to convey the right idea about how security can add value to a person's task or process, adapting the message to different audiences. And as ideal security is a utopia, he or she should also seek an acceptable compromise between security and usability.

Ethics statement: Why this? You may think this is a prerequisite for any job position (in truth, for life), and you are right. The point is that saying you are an ethical person is easy, so you should be able to elaborate and present a solid ethical statement that clearly shows your beliefs and how you stand by them.

Seek what goes beyond the obvious

Naturally, technical competencies are the logical place to start when selecting a security professional, or when becoming one that organizations seek to hire, but they tell only part of what makes a great information security professional. To find a professional who is welcomed in any part of the organization as a competent advisor and partner in finding high-business-value security solutions, organizations should seek, and practitioners in the market should become, those who are able to understand and work with business units to safely achieve their goals, balancing interpersonal, organizational, and technical competencies.

To see how security skills are integrated as ISO 27001 requirements, try our free online course: ISO 27001:2013 Foundations Course.

What general attributes do organizations seek in candidates when hiring information security professionals across different positions?

An organisation looks for the following attributes when hiring an information security professional:

  • Skill set of the candidate
  • Experience level of the candidate in a similar job profile
  • Technical abilities of the candidate
  • Good communication ability

What are the factors to be considered when implementing the information system security of the Organisation?

These factors were categorized into 12 areas: physical security, vulnerability, infrastructure, awareness, access control, risk, resources, organizational factors, CIA, continuity, security management, compliance & policy.

Who in an organization should decide where in the organizational structure the information security function is located? Why?

No one single person should decide on where the information security belongs within the organization. Within different departments there should be someone making decisions on where the information security function belongs depending on the need of that department's goals and resources.

Why is information security important for professionals?

It protects the organisation's ability to function. It enables the safe operation of applications implemented on the organisation's IT systems. It protects the data the organisation collects and uses. It safeguards the technology the organisation uses.


Why is it important to use specific and clearly defined job descriptions for hiring information security professionals?

It is important to use specific and clearly defined job descriptions for hiring information security professionals because the descriptions can be used to increase the degree of professionalism in the IT field as well as improve the consistency of roles and responsibilities.

What are the three primary aspects of information security risk management?

The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability.

What functions does the security manager perform?

A security manager:

  • Manages and trains security guards
  • Hires and onboards new security guards
  • Sets the security guard staffing schedule
  • Creates all security policies and procedures
  • Conducts regular security inspections
  • Investigates security threats and breaches
  • Writes comprehensive security reports