What Does an Information Security Officer Do?
I’d love to have this on my business card:
_________________________________________
Luke Ahmed, CISSP
Information Security Officer
After reading page 14 of the new “Official (ISC)2 Guide to the CISSP CBK, Fourth Edition” however, I found that information security officers have a high pressure job!
What I learned from my Interview With An Information Security Officer is that the security officer was not the enemy. He was actually trying to find out more details about the SOC in order to perform his job, which is to make sure the company is ready for its ISO 27001 audit.
This actually helps me in the long run, because I’d be working at an ISO 27001 certified company, which would lead to garnering more customers, and which ultimately keeps my job secure.
It also helped me personally as I was madly studying for the CISSP exam at the time, and this real world experience on Information Security Governance and Risk Management was priceless!
Responsibilities
For an information security officer it’s no longer about just protecting the company with a firewall or the latest anti-virus update. The responsibilities now include the following:
State sponsored hacking campaigns: Just as real as terrorist attacks.
Spear-phishing: Hackers are bypassing the secretary and going straight for the C-level executives.
Terrorist attacks: An unfortunate but real threat.
BYOD: More users are bringing their own devices onto the corporate network.
Insider threats: Whether accidental or intentional, insider threats are one of the biggest risks to a company.
Laws: Domestic and international laws are created dynamically.
Regulation: A company must follow regulation in order to protect consumers, and itself.
Standards: Certifications such as ISO 27001, which can be crucial for a security business to thrive.
Incident Response: Information security officers must create and manage incident response teams. It is important to maintain proper chain of custody in case of a legal battle.
In addition to all the responsibilities above, the information security officer must make sure that all their responsibilities align with the goals, objectives, mission, and culture of the company.
But it’s not over even after that!
Security officers must THEN take all their responsibilities, make sure they align with the company, and tell the executive team about everything that is going on for further approval!
Basically, if you want to be an information security officer, you better:
Have a passion for security
Get along with others
Stand up for yourself, and not be a push-over depending on your situation
Stay current on all the latest threats and counter-measures
Think you’re ready for the job?