There are several valid choices for where to position the information security function. Issues and concerns also arise in staffing the information security function. Information professionals are able to gain additional education and credentials to earn recognition in the field. Beyond this, an organization's employment policies and practices can support the information security team as well. Looking at where the information security function should be positioned, we see that there are several valid choices for positioning, writes Whitman (2015). The model commonly used by large organizations places the information security department within the Information Technology department and usually has upper management lead the function.
Some of these criteria are not within the control of the organization. Qualifications and requirements are factors that influence organizations' hiring decisions. Information security has only recently emerged as a separate discipline. This leads to a lack of understanding among organizations about what qualifications an information security professional should possess. Another concern is that in many organizations, information security teams currently lack established roles and responsibilities. Establishing better hiring practices in an organization requires a few other objectives. First, the general management community of interest should learn more about the skills and qualifications for information security positions and the IT positions that affect information security. On top of that, upper management should learn more about the budgetary needs of information security and its positions. Seemingly, this knowledge will enable management to make sound fiscal decisions for information security and the IT functions that carry out many information security initiatives. Lastly, the IT and general management communities should grant appropriate levels of influence and prestige to information security, especially to the role of the CISO (Whitman, 2015
Upper management, such as the CISO, deals with the management aspect first and the technical aspect second, as Whitman (2015) points out. The CSO is a position that may be combined with physical security or may even report to a security manager who is responsible for both logical and physical security. The security managers are accountable for the day-to-day operation of the information security programs. Lower in the chain, we have security technicians, technically qualified employees who are tasked to configure firewalls, deploy IDPSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security is correctly implemented (Whitman, 2015