What Does an Information Security Officer Do?

April 20, 2015

 

I’d love to have this on my business card:

_________________________________________
Luke Ahmed, CISSP
Information Security Officer

 

After reading page 14 of the new “Official (ISC)2 Guide to the CISSP CBK, Fourth Edition”, however, I found that information security officers have a high-pressure job!

 

What I learned from my Interview With An Information Security Officer is that the security officer was not the enemy. He was actually trying to find out more details about the SOC in order to perform his job, which is to make sure the company is ready for its ISO 27001 audit.

 

This actually helps me in the long run because I’d be working at an ISO 27001 certified company, which would lead to garnering more customers, and which ultimately keeps my job secure.

 

It also helped me personally as I was madly studying for the CISSP exam, and this real-world experience on Information Security Governance and Risk Management was priceless!
 

Responsibilities
For an information security officer, it’s no longer just about protecting the company with a firewall or the latest anti-virus update. The responsibilities now include the following:

 

Threat Protection

  • Terrorist attacks: A very real threat in this century

  • State-sponsored hacking campaigns: Just as real as terrorist attacks

  • Spear-phishing: Hackers are bypassing the secretary and going straight for the C-level executives

  • BYOD: More users are bringing their own devices onto the corporate network

  • Insider threats: Whether accidental or intentional, insider threats are one of the biggest threats to a company

Compliance

  • Laws: Domestic and international laws are created dynamically

  • Regulation: A company must follow regulation in order to protect consumers, and themselves

  • Standards: Certifications such as ISO 27001, which can be crucial for a security business to thrive

Incident Response

  • Information security officers must create and manage incident response teams

  • Important to maintain proper chain of custody in case of a legal battle

In addition to all the responsibilities above, the information security officer must make sure that all their responsibilities align with the goals, objectives, mission, and culture of the company.

 

But it’s not over even after that!

 

Security officers must THEN take all their responsibilities, make sure they align with the company, and tell the executive team everything that is going on for further approval!

 

Basically, if you want to be an information security officer, you better:

 

  • Have a passion for security

  • Articulate effectively

  • Get along with others

  • Stand up for yourself, and not be a push-over depending on your situation

  • Stay current on all the latest threats and counter-measures

 

Think you’re ready for the job?

 

© 2013 Study Notes and Theory