Career Insights with Upasana Gupta

Q&A: How to Train Non-Security Managers

Insights from Kent Anderson of Encurve LLC
Q&A: How to Train Non-Security Managers

We frequently receive career-related questions from our readers, and when appropriate we take these queries to our own advisory board members for answers.

Recently, we received this question: What training programs are out there to help non-security managers understand the importance of information security to our organizations?

For a response, we turned to Kent Anderson, founder and managing director of Encurve LLC, a member of ISACA's security management committee.

Kent Anderson on Training for Non-Security Managers:

I have found a serious shortage of formal training on information security for non-security professionals. Most of the industry training organizations have 'Intro to Information Security' courses, but immediately dive into technical details such as Internet protocols and cryptology. Many business schools are beginning to offer curriculums in security management that focuses on the business and managerial aspects of security, but these are time consuming, expensive and not directed toward people that are looking for a more basic and fundamental understanding.

What I would recommend is to pursue some self-paced study. There are papers and publications that have been developed to help business managers understand security risks better. Here are a few titles that you might find helpful: ANSI's The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask (it's a free download; but requires registration); ISACA's Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition. Both documents take a strategic business view of the complexities of IT security risks and macro level recommendations.

What questions do you have re: careers in information security? Please submit them via the "Post a Comment" box below.

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.