 |
 |
 |
 |
 |
|
Today, the information security field is not just about technology, it is about people and protecting information wherever it is while still being able to share that information with clients, partners and customers. Considering the security challenges organizations are facing today, more and more employers are emphasizing the need to hire qualified and certified security professionals since employees play an integral role in protecting the assets of any organization, and as such, need to be adequately trained to ensure they possess adequate knowledge in broad security areas and disciplines and demonstrate industry standards and best practices to effectively work and deliver in a given job role and function.
Do you see pieces of paper in your organization with usernames or passwords?
Employees play an integral role in protecting the assets of an institution, and as such, need to be adequately trained and made aware of the basic security practices which are frequently overlooked. A set-it and forget-it approach "we're protected because we have a firewall" to information security ignores end-users, who, if left untrained, remain the institution's weakest link.
Hiring and adding new members to the team is always a mixed feeling. Will this person work out? Should we keep looking for a back up candidate, If What? And so many other unanswered questions plague our mind.
The focus on information security is not just a passing phase—we have seen it sustained over the past couple of years, and it continues to grow. So you can now begin to place yourself in a position to become that ideal security professional as this role evolves and expands more so for banking and financial institutions where information security plays a critical role because banks are committed to the security of its customer’s financial and personal information, again, financial institutions have to abide by privacy, customer trust and information security laws and regulations which have increased significantly in the past 5-6 years, additionally the risk of financial loss, security breaches is something which is on the rise and steps need to be taken to address these very significant security issues plaguing the banking industry partic
John Smith, VP Technical Services at an Investment Bank was interviewing a senior information security professional on the phone last month in April, 2007 during the phone interview the candidate suddenly requested John to be on hold as another call was coming through.
A new chief information security officer should approach their role determined to make a difference to the business they are supporting. This advice comes from someone who knows how to make a difference, Steve Katz, who was the first Chief Information Security Officer (CISO) of a major financial institution, Citigroup, back in the mid 1990s.
ALAN ZAPANTA(ISMG): Now, recently, you have been conducting some compelling research regarding the skill level that the information security industry demands and the current curriculum that many colleges ascribe to. Could you please give us a brief overview? RICHARD SWART: Yes. I did this research in cooperation with the Center for Systems Security and Information Assurance, which is a consortium of about 120 universities mostly on the East Coast. And what we realized was a gap between the expectations of industry in terms of the skill levels that recent graduates should have and the type of training that universities were providing. So we did a parallel set of surveys where we were able to ask specific questions to both industry leaders and to professors to gauge how they were preparing students to enter the information security field and to try to identify where there was a mismatch between what the professors were doing and what the industry needed.
To be successful as a company, finding and choosing the right team is critical. Every company must continuously expand its core team in order to increase market share and maintain competitive standing. Expanding your team requires top talent - specialists in the unique nature and culture of information security companies. You need to acquire and retain the best corporate level talent who understand the breadth of the information security industry. How do you find the right people with the skills, experience and mindset to help you sustain and grow your company?
Determining if a candidate possesses the skills necessary to fill an information security position effectively before hiring him/her is not a trivial task. There are many methods one can use to gauge the effectiveness of a candidate's background. It is important to note that for some positions, it might be very difficult to find a perfect candidate (sometimes even finding a single candidate might be quite difficult). Banks should realize that they need to be somewhat flexible, and define some thresholds above that make the hiring process cost-effective. Training less experienced candidates may be a viable option when cost and time to fulfill all requirements is flexible.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
RSS SyndicationCopyright © 2007 BankInfoSecurity.com