Information Security Roles and Responsibilities Made Easy

Job Descriptions, Mission Statements, And Reporting Relationships

Charles Cresson Wood

Publisher: Pentasafe, 2001, 242 pages

ISBN: 1-881585-08-5

Keywords: Information Security, Human Resources

Last modified: Aug. 6, 2021, 3:30 p.m.

The reference book Information Security Roles & Responsibilities Made Easy and its companion CD-ROM provide practical, step-by-step instructions on how to develop specific information security roles and responsibilities. The book gives advice on how to get management to pay more attention to information security and to allocate realistic budgets for information security staffing. It will help you quantify, and generate more respect for, the information security function within a company by pointing out the ways an information security team adds value to a business.

The book and companion CD-ROM are a publishing first, providing mission statements, 40+ job descriptions, reporting diagrams and more.

  1. What Can This Book and CD-ROM Do For You?
  2. Why Do You Need To Clearly Document Roles & Responsibilities?
  3. Why Has Information Security Become a Team Effort?
  4. What Needs To Happen Before You Document Roles & Responsibilities?
  5. How Often Should You Update Roles & Responsibilities?
  6. Who Should Actually Write Roles & Responsibilities?
  7. What Type Of Review And Approval Process Is Necessary?
  8. What Resources Are Required To Document Roles & Responsibilities?
  9. How Long Does It Take To Document Roles & Responsibilities?
  10. What Specific Documents Should You Prepare?
    1. Information Security Department And Other Department Missions
    2. Information Security Staff And Other Staff Job Descriptions
    3. Information Security Department Reporting Relationship Diagram
    4. Information Security Awareness Pamphlet
    5. Information Security Awareness Reminder Memos
    6. Information Security Policy Manual
    7. Information Security Standards Document
    8. Information Security Architecture Document
    9. Information Security Action Plan
    10. Information Security Forms
    11. Systems Administration Procedures Manual
    12. Risk Acceptance Memos
    13. Information Systems Contingency Planning Manual
    14. Organizational Code Of Conduct
    15. Standard Operating Procedures (SOP) Manual
    16. Systems Development Process Manual
    17. Application Systems Requirement Documents
    18. User and Computer Operations Applications Manuals
    19. Records Management Policies And Procedures Manual
    20. Worker Performance Reviews
    21. Systems Usage Responsibility Agreement
    22. Outsourcing And Consulting Agreement
    23. Confidentiality And Non-Compete Agreements
    24. Human Resources Manual
    25. Physical Security Pamphlet
  11. What Goes Into Mission Statements For Specific Organizational Units?
    1. Information Security Department
    2. Physical (Industrial) Security Department
    3. Internal Audit Department
    4. EDP Audit Department
    5. Ethics And Compliance Unit
    6. External Auditing Firm
    7. Records Management Department
    8. Information Technology Department
    9. Help Desk Unit
    10. Network Operations Unit
    11. Computer Operations Unit
    12. Systems Administration Unit
    13. Database Administration Unit
    14. Data Administration Unit
    15. Insurance And Risk Management Department
    16. Contingency Planning Unit
    17. Computer Emergency Response Team
    18. Legal Department
    19. Human Resources Department
    20. Information Security Management Committee
    21. Information Technology Steering Committee
    22. Board of Directors — Audit Committee
    23. Internal Control Committee
    24. Facilities Management Outsourcing Firm
  12. What Goes Into Job Descriptions For Specific Team Players?
    1. Information Security Department Manager
    2. Access Control System Administrator
    3. Internal Information Security Consultant
    4. Information Security Engineer
    5. Information Security Documentation Specialist
    6. Information Security Contingency Planner
    7. Local Information Security Coordinator
    8. Chief Information Officer
    9. Information Systems Analyst/Business Analyst
    10. Systems Programmer
    11. Business Applications Programmer
    12. Computer Operations Manager
    13. Computer Operator
    14. Information Systems Quality Assurance Analyst
    15. Help Desk Associate
    16. Archives Manager/Records Manager
    17. Telecommunications Manager
    18. Systems Administrator/Network Administrator
    19. Web Site Administrator/Commerce Site Administrator
    20. Database Administrator
    21. Data Administration Manager
    22. Physical Security Department Manager
    23. Physical Asset Protection Specialist
    24. Building And Facilities Guard
    25. Office Maintenance Worker
    26. Internal Audit Department Manager
    27. EDP Auditor
    28. Internal Intellectual Property Attorney
    29. Human Resources Department Manager
    30. Human Resources Consultant
    31. Receptionist
    32. Outsourcing Contract Administrator
    33. In-House Trainer
    34. Insurance And Risk Management Department Manager
    35. Insurance And Risk Management Analyst
    36. Business Contingency Planner
    37. Public Relations Manager
    38. Chief Financial Officer
    39. Purchasing Agent
    40. Chief Executive Officer
  13. What Reporting Relationships Should Information Security Have?
  14. What Factors Will Affect The Customization Of These Templates?
  15. Where Do The Owner, Custodian, And User Roles Fit In?
    1. Owners
    2. Custodians
    3. Users
    4. Overall Comments
  16. What Does A Systems Usage Responsibility Agreement Look Like?
  17. What Roles & Responsibilities Do Product Vendors Have?
  18. What Roles & Responsibilities Do Outsourcing Firms Have?
    1. Risks Of Outsourcing
    2. Typical Areas To Outsource
    3. Topics To Include In An Outsourcing Contract
    4. Due Diligence To Perform Before Outsourcing
  19. What Options Are Available For Smaller Organizations?
  20. Is A Centralized Or Decentralized Organization Structure Better?
    1. A Few Critical Distinctions
    2. Why Centralized Information Security Management Is Advisable
    3. Resolving A Variety Of Implementation Issues
  21. What Common Roles & Responsibilities Mistakes Should You Avoid?

Appendices

  1. Statistical Study On Customary Staffing Levels
  2. Personality Characteristics Of An Effective Information Security Manager
  3. Criteria For Evaluating The Performance Of Information Security
  4. Relevant Professional Certifications And What They Mean
  5. Management Responsibility And Legal Liability
  6. Author's Biographical Sketch
  7. Selected Sources & References
  8. Suggestion Form Soliciting Input To The Next Edition Of This Book
  9. Computer Files Provided And Their Contents
  10. Diagram Of Roles & Responsibilities Definition Process

Reviews

Information Security Roles and Responsibilities Made Easy

Reviewed by Roland Buresund

Excellent ********** (10 out of 10)

Last modified: May 21, 2007, 3:06 a.m.

Do you need a job/role description for information security? It probably exists in this book.
