Intelligent CISO Issue 04 | Page 30

The
number of trained information security officers is much lower than the number of cybercrimes happening today .
editor ’ s question
JORINA VAN RENSBURG , MANAGING
DIRECTOR OF CONDYN

?

The

xecutives and

E senior managers of companies should be more aware and look at the global market and the threats out there . The lack of focus of senior executives on security information skills , security officers or risk managers is a major cause for concern . These positions have been underrated and limited focus has been placed on these critical positions in the past and , even at present , this is not addressed .

The security problem that needs to be addressed by these executives could be solved with the help of technical specialists with system administration skills but they will require specific attention and training and trust as they will manage the security , information and assets of a company .
Until recently , financial support wasn ’ t properly distributed among IT services and investment was made in the whole IT infrastructure . The area of information security lacked financial contribution and in most cases the budget allocated was simply inadequate .
Companies now have a major security concern that needs to be addressed with a very small and limited security information group globally .
Today the information security workforce shortage is evident . Companies acknowledged the importance of business protection and financial loss prevention but not all of them hired info sec officers . They opted to make executives and system administrators responsible for corporate network control .
The training programme prepared for future info sec specialists should be elaborate and comprehensive . The educative process should be enhanced , the theory and practice well structured .
Existing training often provides only an introduction to the instruments which a specialist is going to use in the workplace . Business protection should be approached the other way – the basics of info security should be studied and the mechanisms of its operating analysed while terms and conditions of secure implementation are considered .
As soon as the current info security situation is re-analysed and evaluated , changes should be made regarding the investment strategy . Ideally a company shouldn ’ t resort to outsourcing to security researchers , it should have its own experts who are aware of information security trends and requirements and are familiar with all the nuances within the company ’ s network .
It is important not only to train the correct experts but to attract those who may want to choose this occupation . Not only do we need to make the data leaks or the cause of the problem public but we should place more focus on those people who prevent or discover these vulnerabilities or leaks . To fight violators who become more and more inventive and resourceful we need to be inspired .
The stories where information security officers play key roles appear to be even more enthralling than the news reporting about cyberattacks .
Misunderstanding , ignorance of information security requirements by executives and HR specialists can cause the skills and workforce shortage . Searching for the right candidate who will protect your corporate network is an intricate task . An HR manager should know what an info security officer is obliged to do . HR specialists are to be aware of all the internal corporate processes , weak spots , access rights and policies .
The number of trained information security officers is much lower than the number of cybercrimes happening today . The stealing and obtaining of data and confidential information provides income to the criminal which is costing companies a lot more than the earnings received by security experts who help businesses prevent information and data loss or misuse . u

number of trained information security officers is much lower than the number of cybercrimes happening today .

30 Issue 04 | www . intelligentciso . com