CIS essay
The ideal job is the job one likes above all. However, often the choice of a job depends on factors other than personal preferences, such as the expected income level, availability of the job in the labor market, and other factors. Nevertheless, there is a job which I consider ideal and which, in my opinion, is prospective, and this is the job of the information systems security manager. The job of the information systems security manager is very responsible, but I am ready to take the responsibility and to perform this job well because I do like this job and, more importantly, I consider this job prospective and essential, especially due to the fast development of information technologies and the growing number of threats information systems are exposed to. In this regard, CIS 2010 is very important in terms of the development of my professional career as the information systems security manager because the key concepts I have learned from CIS 2010 are relevant to the job and professional duties of the information systems security manager.
In fact, the responsibilities of the information systems security manager are diverse. For instance, the responsibilities of the information systems security manager are to manage the implementation and development of an organization’s IT security. In fact, the management and maintenance of IT security is one of the primary concerns of any information systems security manager because the manager has to provide the organization with a well-functioning and stable information system and information technologies which perform their functions properly and prevent such threats as information breaches or identity theft, for instance. Today, information systems of organizations are vulnerable to numerous threats, and the information systems security manager should come prepared to confront those threats and to develop and to implement an effective information system that can secure the important information and IT of the organization.
In addition, the information systems security manager has to manage security policies, standards and procedures. In fact, the information systems security manager should develop information security policies and set standards which the organization and its employees have to follow. In such a way, the manager takes the full responsibility for the information security of the organization, while the organization has to fulfill all the procedures defined by the information systems security manager properly to minimize the risk of information breaches and other threats the organization may be exposed to. At the same time, the elaboration of policies, standards and procedures requires the in-depth knowledge and professional skills of the information systems security manager.
The information systems security manager is also responsible for the coordination of information security inspections, tests and reviews. Obviously, the information systems security cannot function well if there is no control over the information systems and the employees who create and maintain the information systems security. In fact, the manager should perform the control function accurately because the control will help the manager to perform his/her job properly. Otherwise, even if the information systems security manager has elaborated perfect policies, standards and procedures, the lack of control may ruin them along with the information systems security of the organization. The lack of control may provoke regular violations of existing information systems security policies, standards and procedures set by the manager. As a result, those policies, standards and procedures become ineffective. Instead, the regular and strict control over information systems security policies, standards and procedures will ensure their proper functioning and increase the information security within the organization.
To carry out professional functions and responsibilities properly, the information systems security manager should have well-developed professional skills and abilities. The information systems security manager should have expert knowledge and skills in such fields as information security governance, information risk management and compliance, information security program development and management, and information security incident management. All these skills, abilities and expert knowledge are crucial for the successful performance of the information systems security manager.
Information security governance is a relatively new concept, but still it is very important in terms of the information systems security at the organizational level. In fact, the information systems security manager should be able to develop and to maintain the information system at the organizational level, which means that the manager should manage the information security system in the entire organization. The manager cannot limit his/her responsibility to one department solely. Instead, the manager should take the organization as a whole and develop the information systems security that protects the entire organization. In addition, the manager should develop policies, standards and procedures for the entire organization as well.
Furthermore, information risk management and compliance is another field the information systems security manager should pay particular attention to. In fact, the manager should conduct the assessment of information risks the organization may be exposed to and develop effective strategies to prevent those risks. Information risk management includes the elaboration of long-run strategies that help the organization to keep its information system secure and fully protected from external as well as internal threats. Effective information risk management can increase the effectiveness of the information system of the organization and minimize potential and actual risks the organization may be exposed to.
The information systems security manager should also focus on the information security program development and management. The information security program development and management implies that the manager develops an effective and reliable information security program that can protect the organization from information risks and threats. The manager conducts the management of the information security program and introduces changes, if necessary, in response to changes in the business environment of the organization or possible technological changes.
Information security incident management is also a part of the job of the information systems security manager. The manager should be aware of the fact that information systems of the organization may be vulnerable not only to intended threats but also to incidents that may occur in the course of the functioning of the organization. Hence, the manager should come prepared for such incidents and be able to manage them properly.
The information systems security manager should cooperate closely with the IT department of the company and develop close cooperation with the managerial staff to be able to forecast the further development of the company and information technologies the company will need in the future. Thus, the manager will be able to forecast possible threats and assess the effectiveness of the current information systems security. If necessary, the information systems security manager can introduce changes in the information security of the company.
Thus, the information systems security manager performs an important job and has to fulfill professional responsibilities properly.