InfoSec Policy, Regulation, Personnel Security Requirement Analysis
Added on 2021/01/02
Report
AI Summary
This report provides an in-depth analysis of information security management, emphasizing the critical role of a dedicated information security program manager within an organization, beyond the responsibilities of a Chief Information Security Officer (CISO). The report highlights the necessity of such a manager for internal audits, risk management, and physical security, ensuring the implementation, maintenance, and improvement of information security practices. It also outlines essential security requirements for recruiting an information security manager, including personal information, qualifications (such as a bachelor's degree in Computer Science or an MBA), skills in IT, and assessment criteria like knowledge of security measures, suitability, and risk factor areas. The report also includes legal requirements as per the Australian Government, such as the Archives Act 1983, Privacy Act 1988, and Freedom of Information Act 1982. The report concludes with the importance of adhering to legal and organizational policies to protect data and maintain confidentiality and integrity.

InfoSec Policy, Regulation, Personnel Security Requirement Development and Analysis

TABLE OF CONTENTS
INTRODUCTION
TASK 1
Presenting the importance of dedicated information security program manager
TASK 2
Identifying security requirements for recruiting job positions
TASK 3
Developing the selection criteria for the advertisement job position
CONCLUSION
REFERENCES

INTRODUCTION
Information security management is necessary for every organization. It is an approach to
designing and implementing security practices that protect business processes and IT systems.
This report explains the importance of an information security program and develops the job
selection criteria for a recruiting position. It also identifies the security requirements for
the job and specifies the laws and regulations that a candidate must know.
TASK 1
Presenting the importance of a dedicated information security program manager
An organization needs a dedicated information security program manager because the Chief
Information Security Officer (CISO) alone cannot always be liable, and it is not good practice
for a company to have only one person perform every information security role from planning
to implementation. An information security program manager is therefore needed for the
following reasons:
◦ Need: Having a separate security program manager beside the CISO helps with internal
audit, risk management and physical security. The information security program manager
must implement, maintain, monitor and improve information security, which is
necessary for a company's culture (Grimm et al., 2018). Managers also provide visible
support and commitment at all levels of management in order to maintain good
relationships with their subordinates.
◦ Confidentiality: Every firm must have an information security program manager who
keeps its data confidential. Maintaining confidentiality is important to ensure that no
data ends up in the hands of the wrong people. For this, access must be given only to
particular authorized individuals in order to protect all data from going missing. Other
methods of protecting confidentiality include encryption, unique user IDs and strong
passwords (Martin and Kung, 2018).
◦ Integrity: It means that all sensitive data should be maintained with accuracy and
authenticity. Having a dedicated information security program manager helps to
protect data from accidental or intentional
changes that corrupt the information. File permissions or access controls
are things that help to protect data.
◦ Availability: It means that the company's services, information and assets are
readily available to customers whenever they are needed (Importance of Information
Security manager, 2018). It is the duty of the information security program manager to
find ways to protect data from being lost, such as developing a disaster recovery
plan and performing regular backups.
TASK 2
Identifying security requirements to be checked for the recruiting role
When recruiting for the position of Information Security Manager, various security
requirements must be applied, such as:
Personal Information: This includes name, nationality, age and other important personal
identity details.
Qualification: A candidate must have a bachelor's degree in Computer Science or
programming as per the Australian Government. Moreover, employers may prefer to
recruit managers with higher qualifications such as a Master of Business Administration
in Information Systems (Lidster and Rahman, 2018).
Skills: The candidate must have a strong background in information technology and a
clear understanding of the challenges of information systems. They must also have
problem-solving abilities and the knowledge to fix security risks. Further, they must
have strong communication and presentation skills, so that they can develop
security solutions by collaborating with other information technology professionals.
Assessment: They must know security measures such as firewalls, anti-virus
software and passwords (Kim et al., 2018). The candidate should have the knowledge to
identify the weak points of the workplace that might make the information system
vulnerable to attack. The person also orders security coverage to ensure that all important
data receives the highest level of protection.
Suitability: The person must be honest, trustworthy and mature enough to understand
their responsibilities. In the context of security, integrity can be defined as a range of
characteristics that a clear subject possesses in order to protect Australian Government
resources. They should also be loyal towards their work.
Risk Factor Areas: These include seven factors:
◦ External loyalties, influences and associations
◦ Financial considerations
◦ Security violations
◦ Emotional and health issues
◦ Alcohol use
◦ History related to crimes
◦ Personal relationships
Supporting requirement: Sponsoring entities should continuously monitor and
manage the suitability of their security system, which includes collecting, assessing and
sharing information of security concern. They should conduct annual security check-ups
involving all security-cleared personnel (Karabašević et al., 2018). If the
candidate is not an Australian citizen and has a valid visa with all rights, then the
government provides them with an authorized vetting agency and an eligibility.
Guidance: Pre-employment screening is mandatory, and all checkpoints should
also be developed in order to provide a level of assurance about each individual's
suitability to access Australian Government resources.
Legal requirements: If the candidate is selected, the company must comply with
legal rules such as the Archives Act 1983, which oversees record-keeping practices in
the Australian Government. Next is the Privacy Act 1988, which regulates the handling of
personal information about every individual; if any candidate is found to
breach the law, the firm has to pay a penalty as per the rule (Ramalingam, Arun and
Anbazhagan, 2018). The next legal rule is the Freedom of Information Act 1982, which provides
an enforceable right to hold all information and other exempted documents.

TASK 3
Developing the selection criteria for the advertisement job position
Title: IT Security Manager
Personal Identification:
Name: Aldus Edwin
Age: 32
Gender: Male
Nationality: Australian
Qualification: Bachelor's degree in Computer Science, Master's in Business Administration in
Information Systems, diploma in IT, Masters
Skills:
◦ A candidate must have deep knowledge of and a strong background in information
technology.
◦ Requires excellent problem-solving abilities in order to identify risks.
◦ Has good teamwork skills with excellent communication skills.
◦ Must understand security issues across the whole organization.
◦ Can develop new security solutions in collaboration with other teams of information
technology professionals.
Experience: At least 2-3 years of work in a reputed firm, deep knowledge of
workplaces, and must handle security-related problems.
Assessment: Candidates must have deep knowledge of security measures such as
up-to-date anti-virus software and firewalls that help to protect data from being spoiled. Must
know how to maintain the confidentiality of all data.
Policies: Should know how to manage or develop policies that encourage the secure
protection of data.
Duties and responsibilities:
◦ Always research the latest trends in security-related information technologies.
◦ The candidate must monitor all networks for security breaches and identify their cause
whenever they occur.
◦ They must design, implement and maintain the company's overall security plan.
◦ The candidate should know how to implement strategies related to security standards and
protect sensitive tools.
◦ Help technicians whenever they need to install or learn new security products in
the organization.
◦ Conduct IT security audits in order to identify the company's actual situation.
◦ Must know all risk factors.
Organizational Relationship: Works in conjunction with departments and must be aware of all
cyber security issues, train new employees and make them aware of good cyber security
practices.
Legal laws and requirements:
◦ A selected candidate must know that the company must comply with all laws and
regulations, including the Archives Act 1983, which empowers the
National Archives of Australia (NAA) to look after all record-keeping
requirements. It means that a company must keep previous data safely so
that no other agency takes advantage of or misuses it (Peltier, 2016).
◦ Another legal requirement is the Privacy Act 1988, which regulates the handling of
personal information about each employee who works in a company. It also states
that all data a company takes during its recruitment procedure should
be correct and appropriate.
◦ The recruited candidate must also know about the Privacy Regulation 2013 Act, under
which an agency has to take steps to destroy personal
identification information that it holds and no longer needs, except in
some exceptional cases (Soomro, Shah and Ahmed, 2016).
◦ If any law is breached by an organization, the government charges a penalty in the
form of a monetary fine or punishment. The Crimes Act 1914 states that all
data must be protected, whether official or non-official, and sets out
penalties for breaching any law.
CONCLUSION
Summing up the above report, it has been concluded that information security
management is necessary in every organization because the CISO alone cannot handle all the
departments from planning to implementation. The information security manager is therefore
important to a firm, as they help in planning and in keeping data confidential from other
agencies in order to protect it from misuse. Further, the report presents the required
skills and education criteria that must be included when posting a job; moreover, the
company must comply with all legal rules and regulations of the Australian Government. A
recruited candidate must also have deep knowledge of all relevant laws when being selected
for the position of Information Security Manager.

REFERENCES
Books and Journals
Grimm, N. et al., 2018, January. A monadic framework for relational verification: Applied
to information security, program equivalence, and optimizations. In Proceedings of the
7th ACM SIGPLAN International Conference on Certified Programs and Proofs (pp.
130-145). ACM.
Karabašević, D. et al., 2018. Importance of Vulnerability Scanners for
Improving Security and Protection of the Web Servers. BizInfo
(Blace) Journal of Economics, Management and Informatics. 9(1). pp.19-29.
Kim, E. et al., 2018, June. CyTIME: Cyber Threat Intelligence ManagEment framework for
automatically generating security rules. In Proceedings of the 13th International
Conference on Future Internet Technologies (p. 7). ACM.
Lidster, W. and Rahman, S. S., 2018, August. Obstacles to Implementation of Information
Security Governance. In 2018 17th IEEE International Conference On Trust, Security
And Privacy In Computing And Communications/12th IEEE International Conference
On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 1826-1831). IEEE.
Martin, Y. S. and Kung, A., 2018, April. Methods and Tools for GDPR Compliance Through
Privacy and Data Protection Engineering. In 2018 IEEE European Symposium on
Security and Privacy Workshops (EuroS&PW) (pp. 108-111). IEEE.
Peltier, T. R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Ramalingam, D., Arun, S. and Anbazhagan, N., 2018. A Novel Approach for Optimizing
Governance, Risk management and Compliance for Enterprise Information security
using DEMATEL and FoM. Procedia Computer Science. 134. pp.365-370.
Soomro, Z. A., Shah, M. H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information
Management. 36(2). pp.215-225.
Online
Importance of Information Security manager. 2018. [Online].
<https://kirkpatrickprice.com/blog/why-every-company-needs-an-information-security-program/>.




