Eight Types Of People Responsible For Security

Published Date: 02 Nov 2017

Author’s Affiliation

What are some of the most important certification programs available to network security professionals?

There are a large number of information security certification programs that are designed to test the knowledge of information security professionals in specific areas. In their book, (Merkow, 2006), a number of information security certification programs such as International Information Systems Security Certification Consortium (it is useful for all kinds of information security professionals) and certified information system auditor. It mainly targets business processes instead of technology. The ISC is an international organization that provides training and certification programs for professionals working in a wide variety of information security domains. In this scenario, this certification programs generally offer common principles for maintaining information security of business assets such as information systems or networks. Additionally, these certification programs are designed to encourage security professionals to learn about international standards regarding information security. Up till now, ISC has provided certifications to thousands of employees working in government and private organizations. In addition, two most important security certifications offered by ISC are known as:

Certified information systems security professional (CISSP)

System Security Certified Practitioner (SSC)

Though, the above mentioned security certification programs provide adequate support for the professionals however there are a large number of other security certifications (Merkow, 2006). For instance, Cisco (a well-known IT firm) has designed a wide variety of network security certification programs for IT professionals and organizations. It is believed that companies that implement Cisco Integrated Network Security Solutions hire those employees who have valid Cisco certification. In this scenario, Cisco has initiated different certification programs for instance, network security certification training program and the Cisco certified security professional. These certifications are suitable for information security professionals (Cisco, 2013; Bastien, 2003).

In the same way, GIAC offers a certification program named as GIAC Information Security Professional (GISP), which is suitable for those information security Professionals that want to fill the gaps in their understanding of technical information security experts who work as system or network administrators. In fact this certification program can help them get the knowledge of the practical implementations of the Common Body of Knowledge. In addition, this program is also suitable for those business and project managers who consider information security further than straightforward concepts and terminology. In fact, this certification program is suitable for all those people who are new to information security however they have some knowledge of computer networking and information systems. In this scenario, this certification can also be used as a self-determining evaluation of their mastery of the (ISC) Common Body of Knowledge (Merkow, 2006, p. 67; GIAC, 2013).

References

Bastien, G. (2003, October 31). The Cisco Certified Security Professional. Retrieved March 10, 2013, from Cisco Press: http://www.ciscopress.com/articles/article.asp?p=101657

Cisco. (2013). Security Training. Retrieved March 07, 2013, from http://www.cisco.com/web/learning/le31/le29/learning_recommended_training09186a00800b4a87.html

GIAC. (2013). GIAC Information Security Professional (GISP). Retrieved March 03, 2013, from http://www.giac.org/certification/information-security-professional-gisp

Merkow. (2006). Information Security: Principles And Practices. New Delhi: Dorling Kindersley.

Essay 2

Question 2: Describe the eight types of people responsible for security in an information technology setting.

Information security is a vast topic which requires adoption of a wide variety of rules and regulations in order to ensure the security in an information technology setting. In their book, (Merkow, 2006) discuss eight types of people who are responsible for security in an information technology environment. In this scenario, everybody who uses or is concerned with information technology in an organization is responsible for security in information technology environment. Additionally, this type will cover all the people who use computers for any purpose or any task. For instance, data entry operators, who are responsible for entering data into computers are also required to understand their roles and responsibilities. They should keep the data confidential. In the same way, any user who wants to use IT resource should be given a username and password, which should not be shared with anyone else. However, there are eight types of people that are considered responsible for security in an information technology setting. These are (Merkow, 2006; Brotby, 2009):

Chief information security officer (CISO): CISO is responsible for initiating, managing and maintaining risk and security management programme for information resources (Merkow, 2006).

Information resources manager: The information resources manager is responsible for determining and maintaining procedures, standards and policies that provide the basis for risk and security management (Merkow, 2006).

Information resources security officer: The information resources security officer is a person who is responsible for establishing procedures, practices and policies particularly developed to secure data and information resources (for instance builds security awareness programme, determines threats and vulnerabilities and so on) (Merkow, 2006).

The owners of information resources: These are individuals who are acknowledged as delegates or program managers for the proprietor and they are authorized to complete the program that makes use of the resources (Merkow, 2006).

Custodians of information resources: The role of custodian involves providing the capabilities such as data processing, technical support and other support services to users and owners of information resources (Merkow, 2006).

Technical managers (such as system and network administrators): They are responsible for offering technical support and facilities for security of information resources (Merkow, 2006).

Internal auditors: Internal auditors are responsible for carrying out periodic risk-based reviews and inspections of information resources security procedures, practices and policies (Merkow, 2006).

Users: This type involves general users who are authorized to access and use information resources in reference to the owner-defined access rules and controls (Merkow, 2006).