TABLE OF CONTENTS
INTRODUCTION
TASK 1
Presenting the importance of dedicated information security program manager
TASK 2
Identifying security requirements for recruiting job positions
TASK 3
Developing the selection criteria for the advertisement job position
CONCLUSION
REFERENCES
INTRODUCTION
Information security management is necessary for every organization. It is an approach that helps in designing and implementing security practices in order to protect a business process or IT system. This report explains the importance of an information security program and develops the job selection criteria for the position being recruited. The report also identifies various job security requirements and specifies the laws and regulations of which a candidate must have knowledge.

TASK 1
Presenting the importance of dedicated information security program manager
For an organization, it is necessary to have a dedicated information security program manager, because the Chief Information Security Officer (CISO) alone cannot always be liable, and it is not good practice for a company to have only one person perform all information security roles from planning to implementation. Therefore, there is a need for an information security program manager for the following reasons:
◦ Need: Having a separate security program manager beside the CISO helps with internal audit, risk management and physical security. The information security program manager must implement, maintain, monitor and improve information security, which is necessary for a company's culture (Grimm et al., 2018). Managers also provide visible support and commitment at all levels of management in order to maintain good relationships with their subordinates.
◦ Confidentiality: Every firm must have an information security program manager, and they must keep their data confidential. Maintaining confidentiality is also important to ensure that no data ends up in the hands of the wrong people. For this, access must be given only to particular authorized individuals in order to protect the entire data from going missing. Other methods can also be used to protect confidentiality, such as encryption, unique user IDs and strong passwords (Martin and Kung, 2018).
◦ Integrity: It means that all sensitive data should be maintained with accuracy and authenticity. Having a dedicated information security program manager helps to protect data from accidental or intentional changes which could corrupt the information. File permissions and access controls are things that help to protect data.
◦ Availability: It means that the company's services, information and assets are easily available to customers whenever they are needed (Importance of Information Security manager, 2018). It is the duty of the information security program manager to find ways to protect data from being lost, such as developing a disaster recovery plan and performing regular backups.

TASK 2
Identifying security requirements to be checked for the recruiting role
For recruiting to the position of Information Security manager, there are various security requirements that must be used, such as:
Personal Information: This includes name, nationality, age and other important personal identity details.
Qualification: A candidate must have a bachelor degree in Computer Science or programming as per the Australian Government. Moreover, employers may also prefer to recruit managers having higher qualifications, such as a Master of Business Administration in Information Systems (Lidster and Rahman, 2018).
Skills: The candidate must have a strong background in information technology and a clear understanding of the challenges of information systems. They must also have problem-solving abilities and the knowledge to fix security risks. Further, they must have strong communication and presentation skills, so that they can develop security solutions by collaborating with other information technology professionals.
Assessment: They must know security measures such as firewalls, anti-virus software and passwords (Kim et al., 2018). The candidate should also have the knowledge to identify weak points in the workplace that might make the information system vulnerable to attack. The person also orders security coverage in order to ensure that all important data receives the highest levels of protection.
Suitability: The person must be honest, trustworthy and mature enough to understand their responsibilities. In the context of security, integrity can be defined as a range of
characteristics that a cleared subject possesses in order to protect Australian Government resources. They should also be loyal towards their work.
Risk Factor Areas: This basically includes seven factors:
◦ External loyalties, influences and associations
◦ Financial considerations
◦ Security violations
◦ Emotional and health issues
◦ Alcohol use
◦ History related to crimes
◦ Personal relationships
Supporting requirement: Sponsoring entities should continuously monitor and manage the suitability of their security system, which also includes collecting, assessing and sharing information of security concern. They should conduct annual security check-ups covering all security cleared personnel (Karabašević et al., 2018). If the candidate is not an Australian citizen and has a valid visa with all rights, then the government provides them an authorized vetting agency with an eligibility.
Guidance: Pre-employment screening is mandatory, and all check points should be developed in order to provide a level of assurance about each individual's suitability to access Australian Government resources.
Legal requirements: If the candidate is selected, then the company must comply with legal rules such as the Archives Act, 1983, which oversees record-keeping practices in the Australian Government. Next is the Privacy Act, 1988, which regulates the handling of all personal information about every individual; if any candidate is found to breach the law, then the firm has to pay a penalty as per the rules (Ramalingam, Arun and Anbazhagan, 2018). The next legal rule is the Freedom of Information Act 1982, which gives an enforceable right to hold all information and other exempted documents.
TASK 3
Developing the selection criteria for the advertisement job position
Title: IT Security Manager
Personal Identification:
Name: Aldus Edwin
Age: 32
Gender: Male
Nationality: Australian
Qualification: Bachelor degree in Computer science, Masters in Business Administration in Information System, diploma in IT, Masters
Skills: A candidate must have deep knowledge of and a strong background in information technology, and requires excellent problem-solving abilities in order to identify risks. They must have good teamworking skills with excellent communication skills, and must understand security issues across the whole organization. They can develop new security solutions in close collaboration with other teams of information technology professionals.
Experience: At least 2-3 years of work in a reputed firm, deep knowledge related to workplaces, and must handle problems related to security.
Assessment: Candidates must have deep knowledge of security measures, such as updated anti-virus software and firewalls, that help to protect data from being spoiled. They must know how to maintain the confidentiality of all data.
Policies: Should know how to manage or develop policies in order to encourage secure protection of data.
Duties and responsibilities:
◦ Always research the latest trends in security-related information technologies.
◦ The candidate must monitor all networks for security breaches and identify the cause whenever they occur.
◦ They must design, implement and maintain the company's overall security plan.
◦ The candidate should know how to implement strategies related to security standards and protect sensitive tools.
◦ Help technicians whenever they need to install or learn new security products in the organization.
◦ Conduct IT security audits in order to identify the actual situation of the company.
◦ Must know all risk factors.
Organizational Relationship: Works in conjunction with departments and must be aware of all cyber security issues, trains new employees and lets them know about good cyber security practices.
Legal laws and requirement: A selected candidate must know that the company must comply with all laws and regulations, such as the Archives Act, 1983, which empowers the National Archives of Australia (NAA) to completely look after all record-keeping requirements. It means that a company must keep previous data safely so that no other agency takes advantage of or misuses it (Peltier, 2016). Another legal requirement is the Privacy Act, 1988, which regulates the handling of personal information about each employee who works in a company. It also states that all the data which a company takes from its recruitment procedure should be correct and appropriate. The recruited candidate must also know about the Privacy Regulation 2013 Act, under which an agency has to take steps to destroy personal identification information which it holds and no longer needs, except in some exceptional cases (Soomro, Shah and Ahmed, 2016). If any laws are breached by an organization, then the government charges a penalty in the form of money or punishment. The Crime Act 1914 states that all data must be protected, whether official or non-official, and sets out penalties for breaching any law.
CONCLUSION
Summing up the above report, it has been concluded that information security management is necessary in every organization, because the CISO alone cannot handle all the departments from planning to implementation. Therefore, the information security manager has their own importance in a firm, as they help in planning and in keeping data confidential from other agencies in order to protect it from any misuse. Further, the report also presents the required skills and education criteria which must be included while posting a job; moreover, the company must comply with all legal rules and regulations of the Australian Government. A recruited candidate must also have deep knowledge of all these laws when being selected for the position of Information Security manager.
REFERENCES
Books and Journals
Grimm, N. et al., 2018, January. A monadic framework for relational verification: Applied to information security, program equivalence, and optimizations. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs (pp. 130-145). ACM.
Karabašević, D. et al., 2018. Importance of vulnerability scanners for improving security and protection of the web servers. BizInfo (Blace) Journal of Economics, Management and Informatics. 9(1). pp.19-29.
Kim, E. et al., 2018, June. CyTIME: Cyber Threat Intelligence ManagEment framework for automatically generating security rules. In Proceedings of the 13th International Conference on Future Internet Technologies (p. 7). ACM.
Lidster, W. and Rahman, S. S., 2018, August. Obstacles to Implementation of Information Security Governance. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 1826-1831). IEEE.
Martin, Y. S. and Kung, A., 2018, April. Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering. In 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 108-111). IEEE.
Peltier, T. R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Ramalingam, D., Arun, S. and Anbazhagan, N., 2018. A Novel Approach for Optimizing Governance, Risk management and Compliance for Enterprise Information security using DEMATEL and FoM. Procedia Computer Science. 134. pp.365-370.
Soomro, Z. A., Shah, M. H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management. 36(2). pp.215-225.