Also, it goes without saying that anyone hired in an important position like this one should have a wealth of experience and knowledge pertaining to information technology and information security (Slater, p. 2).
The broad spectrum of activities a CSO must engage in Author Tyler Justin Speed explains that while it security staff can be counted on for the most part to protect stored digital data, unless the chief of security is fully aware of the potential for "internal threats" he or she is missing the boat. In other words, employees with access to server rooms can access databases, computers, routers, monitors and other "physical parts of the network infrastructure" (Speed, 2012). Speed insists that it doesn't matter "…how good the firewall installed at a network's gateway to the Internet is; if a computer's disk drive is not physically protected," a person who is not authorized can upload "malicious software" into one of the network's computers. All the date contained in that computer hard drive will then be compromised, Speed explains. Hence, the CSO must take great pains to protect network data from employees. '
How the CSO can be reasonably assured that new hires are honest: a) there must be a very thorough background check (it costs the company money); b) the applicant must be given a "skills assessment test" to determine what he or she knows about digital technology; c) references must be checked thoroughly; d) once vetted, the new hire needs to be well trained by security and administration professionals; and e) a "culture of security awareness" needs to be established (Speed).
Moreover, information security should not be entirely in the hands of the CSO; indeed, organizations...
The information security community is there to protect information assets; the it community is there to support "the business objectives"; and the nontechnical business community is there to articulate and communicate the polices and the mission of the organization (Whitman).
In conclusion, this is an age in which malicious criminals have the capability to hack into just about any so-called secure server in any country at any time. So the company not fully conversant with the need to have three groups of professionals -- or a program similar to what Whitman describes -- is in jeopardy of being violated. If digital interlopers can hack into government servers that are supposed to be immune to such attacks, those same interloper criminals can surely find a way to steal digital data and company secrets from corporations as well.
Works Cited
Slater, Derek. (2011). What is a Chief Security Officer? Increasingly, Chief Security Officer
means what it sounds like: The CSO is the executive responsible for the organization's entire security posture, both physical and digital. CSO Online. Retrieved June 26, 2013, from http://www.csoonline.com.
Speed, T.J. (2012). Asset Protection Through Security Awareness. Boca Raton, FL: CRC
Press.
Whitman, M.E., and Mattord, H.J. (2010). Management of Information Security. Independence,
KY: Cengage Learning.
