With many companies depending on security systems for the well-being of their businesses, the position of security manager has become an integral part of any organization. Hackers, cyber terrorists and other individuals might be out to steal valuable business and trade secrets. In some cases, it’s even current employees of a company are possible threats, as these might release confidential information to unwanted parties, whether intentionally or unintentionally.
An information security manager handles different areas in any company’s security portfolio. These include managing communications protocols (such as email systems), securing the corporate network, hardware security (against theft and loss), and protection of data.
For years, the industry of security management has not been regulated, but due to the need for tougher standards, the Information Systems Audit and Control Association or ISACA has recently established an accreditation program for those who desire additional credentials that can establish their competency in the field. The Certified Information Security Manager certification is intended for managers in the IT security field.
Examination. To get accredited with the ISACA, the first step would be to accomplish a standard written examination. There are two exams scheduled per year, and you can easily inquire with the ISACA at isaca.org for schedules and requirements. Examination is only the first step in being accredited, though, as the organization requires continuing commitment prior to long-term accreditation. Once an applicant has passed the examination, he is considered a qualified member, which is valid for up to five years, which will be extended as the member meets other requirements.
Professional ethics. After passing the exam, a member is required to agree to a code of professional ethics, meant for practitioners in the IT security field. This code includes various practices and standards that each member is expected to meet, such as compliance with set standards, professionalism, client confidentiality, and the like.
Work experience. Qualified members are also required to present proof of work experience in the field of information security management. The organization requires five years of experience in information security management, in which a qualified applicant can apply practical experience in the different sub-fields of the industry, such as information security audit, teaching experience, or other certifications.
Continuing education. Members and certified individuals are expected to undergo continuing education to further enhance their knowledge in the field. The program requires 20 hours of study annually, and a qualified member is required to pay nominal fees. Continuing education is a requirement for continuing membership and accreditation.
In most cases, companies and government institutions will not necessarily require a certification from potential or current information security managers. However, being certified adds to one’s qualification, and will be an edge, in case of competition with other managers or prospective appointees to such positions. Being certified also ensures that security managers are armed with up-to-date knowledge, and that one adheres to the standards set by the organization, in terms of a security manager’s ability to carry out one’s tasks in ensuring safety and security of a business’ data.
Be the First to Comment on this Article