An information security officer is charged with developing and implementing the policies and procedures that protect information disseminated from within an organization and that keep sensitive data from being made public.
The information security officer, or manager, is not only concerned with securing information and data in its present form; the officer is also responsible for ensuring that certain kinds of informational resources remain confidential, that all data retains its integrity, and that data is accessible when users need it.
The information security officer (ISO) is primarily concerned with securing sensitive information and data irrespective of its form, electronic or print. In addition, an ISO has responsibility for the following areas, at least as they relate to information security.
Duties and Responsibilities of an Information Security Officer
Act as a Spokesman – Organizations will find it to their advantage to centralize the channels through which information can flow, especially when the data or information is of great strategic value. The chief information officer or manager is the point of contact for persons seeking information about the organization.
The information officer works with internal clients to ensure that information reaching the public doesn’t compromise the overall ethos and objectives of the organization, while at the same time trying to satisfy those who made the requests.
Design the Information Security Policy – This involves creating procedures and documenting best-practice methods for safeguarding the records, documents and files that exist within the organization, particularly those that have some bearing on the organization’s strategic or competitive advantage.
Risk Management – To enforce the security policy, frequent and consistent audits must be carried out on network components as well as on employees’ personal computers to find vulnerabilities and breaches of the security policy.
Enforce Security Policy – When there are security policy violations, the chief information security officer has the responsibility to re-educate the offender, take or recommend disciplinary action, and implement damage-control measures.
Train Employees – The information security officer must see to it that members of staff are educated on the information security best practices and procedures outlined in the organization’s security policy. In some cases this will be done in collaboration with the human resources department. Employees will also need to be informed of the information dissemination hierarchy and of the procedures to follow when a request for information comes from an internal or external source.
Information Security Officers and Competitive Advantage
It is important for organizations to maintain their competitive advantage and a good public image by carefully controlling the type, amount, nature and timing of information released to partners, suppliers, customers and the general public. This includes centralizing the information dissemination process, as well as controlling or restricting access to information and data, especially data of a sensitive nature.
Source:
Tipton, Harold F., and Micki Krause. Information Security Management Handbook, Vol. 2. CRC Press, 2007.