As an information security manager, you enter each day not knowing what it may bring, in spite, perhaps, of having a well-formed plan or at least a to-do list. Each event or incident that you encounter is only a whisker away from being a full-scale breach, depending upon your knowledge, skills or ability to cope under pressure.
But what all information security managers must appreciate is that there is no such thing as 100% security and you can never be 100% risk free.
In Once more unto the Breach, Andrea Simmons offers priceless advice for information security managers, including:
Delivering a security project
One of the key failures of security management is that it is perceived as a project and thus, by its very nature, is assumed to have a beginning, middle and an end. In reality, security is something that needs to be embedded into an organisation – and because of this, it lends itself more to a programme than a project because there is no real end to these activities: security will need to constantly change in order to adapt to the information risks that arise.
Get staff to buy into you
You have to show a certain level of commitment to delivering the programme in order for people to start to buy into the idea that things are going to be different. The ISM (information security manager) has to be seen to realise some quick wins as early as possible in the programme.
The longer you are in an organisation, the more physical security starts to take shape as a really valuable mechanism for providing visual aids that you can use as examples of the change that people need to embrace. Every day, you should be able to identify an event that has happened or find an example of an event that is likely to happen, just by doing a tour of your buildings.
Creating policy documents
Policy documents themselves need to be short and punchy, direct and to the point. They are a clear statement of the stance an organisation is taking on a particular technology, people or process issue. They should be supported by procedural documents, controls or standards.
Managing information security in an uncertain world
Speaking directly to information security managers, Once more unto the Breach – Managing information security in an uncertain world offers priceless advice to help you understand:
- How to pull a team together and kick-start your project;
- Key activities you should be spearheading to ensure the organisation is appropriately secure;
- How to ensure compliance runs throughout the whole organisation, including ideas to keep it alive;
- Physical security issues that can cause you difficulties;
- The scope of activities that can be expected of you.
*Excerpts in this post were taken from Once more unto the Breach – Managing information security in an uncertain world by Andrea Simmons.