Considering the vast amount of attention focused on information systems protection over the past four years, it’s understandable that many SMT readers have indicated an interest in specialising in this area. Information systems security has been viewed as not cost-effective and perhaps a dull subject by those responsible for programming bytes, but now things are very different.
“Regulatory compliance” and “customer assurance” are two major factors that must be given high priority if a business is to succeed. E-commerce cannot exist without robust security methodology frameworks being in place. The corruption or loss of information is the major cause of bankruptcy in the US, according to the Department of Trade. There’s no finer business case for security than that warning, which is the sole factor for increasing the remuneration benchmark for IT Heads of Department above the £150k barrier.
IT security policy is, in the main, no different to the access control systems implemented by those responsible for physical security, but how do you make that career crossover?
Firstly, we have to learn about “data”; it’s characteristics, how it’s stored and how it’s transported around. Identify the importance of data and its value to an individual or an organisation — is it a trade secret or confidential?
The internet is a good place to study and gather a huge amount of knowledge. It’s also worth keeping an eye out for conferences. Companies selling security solutions to IT managers often hold free seminars, so go along and get a better understanding of what’s going on and increase your awareness.
A large part of IT security revolves around technical architecture issues. For instance, the working environment is saturated by those educated to a degree level in computer sciences. If you want to invest in your career and increase your annual salary, then consider taking a diploma or postgraduate degree.
It’s important to learn about data protection legislation and how it affects IT systems; study the Data Protection Act, and become an expert. If currently employed in an asset protection role then ensure you know what your employers are doing to manage this issue. Ask them: who is currently administering data registration; who responds to data enquiries; and who understands what is to be released. Empower yourself and take ownership. Then get it on your CV.
And remember: information systems security is a multi-billion dollar industry because closed information systems attract mayhem guerrillas like a moth to a flame — it’s good to be part of it.
Source
SMT
Postscript
Andrew Fletcher is head of IT, risk and fraud for SSR Personnel. Fletcher has been with SSR for nine years and leads his team in servicing a broad section of high-tech clients, including financial institutions and Internet Service Providers. Call him on 0
