The Chief Information Security Officer CISO Term Paper

Information Technology Security Roles

Abstract

The roles that information security personnel play are vital within an organization. We have analyzed three key roles, namely the CISO, the CIO, and digital forensics. These are key roles in any organization that wants to secure its information systems and data. Each role has been analyzed and the different functions performed within each role presented. This gives a clear picture of what each role does and what is required of it. Cybersecurity has been the main focus when analyzing these three roles. The information technology security roles will optimize and secure the organization's data assets by performing the various functions shown in this paper. Digital forensics has been presented, and we have shown how it can be used to complement the security efforts of the organization. We have also presented how digital evidence personnel can guarantee the integrity of the evidence collected. Finally, we have listed some of the tools that digital forensics personnel can use in the performance of their duties.

The Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the organization's vision, strategy, and program in order to ensure that its information assets and technologies are adequately protected. The CISO is responsible for ensuring that the organization is in compliance with internal and external policies (Goodyear, Goerdel, Portillo, & Williams, 2010). This is because the CISO is charged with analyzing how information security affects the legal requirements of the organization. For example, the CISO is required to ensure that the organization is in compliance with PCI or HIPAA requirements. They are also required to write and adjust the organization's policies based on new compliance requirements and rules. The CISO is charged with anticipating new threats and actively works to prevent them from materializing in the organization. Therefore, the CISO does not wait for a security incident or data breach to take place before acting. In order to anticipate new threats, the CISO will run vulnerability scans, web application security assessments, and penetration tests. These are aimed at checking the security of the organization's systems and ensuring there is little chance of the systems being penetrated or attacked. In carrying out this role, they check that the hardware and software configurations of the organization, and those of its vendors, are in compliance with regulatory and organizational standards. A CISO is also the link between the different departments within the organization, and all their third parties, as far as cybersecurity is concerned. The CISO not only manages the information security team but also has to coordinate different teams within the organization in regard to the security of information (Conklin & McLeod, 2009). For this reason, the CISO should maintain good relationships with, and ongoing visibility into, the vendors or departments they work with.
In order to reduce the operational risks the organization would face if a security attack were to take place, the CISO must work closely with other executives in different departments to ensure that the security systems are working smoothly.

The competencies a CISO must exercise include security risk management, data security, and systems and application security. Security risk management is the continuous process of analyzing the organization's systems in order to identify security risks and implement strategies that address them. Security risks are determined by considering the likelihood of known threats exploiting vulnerabilities within the organization's systems and the impact that exploitation of these vulnerabilities would have on the organization's...

...

Once the risks and vulnerabilities have been identified, it is vital to implement strategies that close the vulnerabilities and ensure that each risk is mitigated before it materializes (Goodyear et al., 2010). Data security refers to protecting digital data from destructive forces and from unwanted actions such as a cyberattack or a data breach. Data security is a vital aspect of information technology for any organization, and it is used to ensure that there is no unauthorized access to the organization's computers, websites, and databases. Preventing data corruption is also an aspect of data security. Some of the data security technologies that can be employed include backups, encryption, data masking, and data erasure. Data security is mostly ensured by requiring authentication of the users accessing and using the data. Systems and application security refers to the use of hardware, software, and procedural methods to protect the organization's applications from external threats. This entails ensuring that applications and systems have security measures built into them in order to minimize the risk of unauthorized code running on, or unauthorized access to, the systems. The CISO is required to work closely with vendors to check the systems and applications they supply and ensure that these comply with the organization's security policies. Countermeasures that can be used in an organization to protect systems and applications include firewalls, anti-virus programs, biometric authentication systems, and spyware detection and removal programs.

The Chief Information Officer (CIO)

The Chief Information Officer (CIO) is responsible for planning and implementing the information technology strategy aimed at meeting the organization's business needs. He/she is also responsible for the management and strategic use of information, information technology, and information systems. The CIO works with other members of the executive team to identify how information technology can help the organization achieve its business and financial goals (Lee & Shin, 2015). For example, using technology the organization can streamline its business processes, improve the quality of customer service, and increase employee productivity. The CIO is charged with developing a strategy for achieving business goals and will recommend investments that can deliver measurable results, such as a 3 percent reduction in order-processing costs or a 4 percent improvement in employee productivity. Another function of the CIO is resource utilization. The CIO is responsible for ensuring that the available network infrastructure and information technology support the organization's computing, communication, and data processing needs. If it is established that the organization needs greater capacity, it is the CIO's responsibility to decide on the solutions the organization needs in order to meet the additional demand at the lowest possible cost. The CIO is also required to weigh the need for additional capacity against the risk of holding resources that would be underutilized most of the time (National Cyber Security Division, 2007).

The CIO should be able to recognize and respond to the changing requirements and demand for IT security within an organization. This is done by evaluating new and emerging IT security technologies with the aim of identifying those best suited to the organization. For example, there is an increased need for collaboration, which has resulted in the deployment of wireless networking infrastructure in most organizations. The CIO will be required to analyze the impact that this new requirement would have on the organization's IT security and develop the necessary policies to ensure that there is…

References

Conklin, W. A., & McLeod, A. (2009). Introducing the information technology security essential body of knowledge framework. Journal of Information Privacy and Security, 5(2), 27-41.

Garfinkel, S. L. (2010). Digital forensics research: The next 10 years. Digital Investigation, 7, S64-S73.

Goodyear, M., Goerdel, H. T., Portillo, S., & Williams, L. (2010). Cybersecurity management in the states: The emerging role of chief information security officers.

Lee, Y., & Shin, Y. (2015). A design on information security occupational classification for future convergence environment. Journal of Society for e-Business Studies, 20(1).

National Cyber Security Division. (2007). Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development. United States Department of Homeland Security, Washington, D.C.

Cite this Document:

"The Chief Information Security Officer CISO" (2017, October 27) Retrieved May 18, 2024, from
https://www.paperdue.com/essay/chief-information-security-officer-ciso-2166352
