Chief Information Security Officer
Student’s Name
Institutional Affiliation
Chief Information Security Officer
Summary of the Answers
Information security job descriptions have common aspects that are relatable to each of the organizations that have job openings looking forward to hiring chief information security officers (CISO), ISSO, or Cybersecurity officers. As such, the three companies in Australia have been able to identify the respective roles, once hired; the chief information officers will perform according to the identities job descriptions. Similarly, their similar patterns of the jobs identified in each organization. Though the job position is classified differently, they share similarities, in terms of how they coordinate with management of the organization. There is a need to improve and enhance the current systems of information security in the jobs they are applying for in the potential organization.
The AS/ISO27000 regulations provide a standardized procedure of roles and positions the information security experts ought to play in an organization. Similarly, neutralization techniques used by employees when they violate information security can be curbed using the principles of deterrence theory of punishment for crime. As such, the application of sanctions has been one of the viable forms of punishment to prevent employees who breach organization policy. Also, businesses should allow and improve user participation as a measure for limiting violation of security codes on the safety of information. Instead of depending on an individual expert to manage and implement information security systems, there is a need to involve more of members of the organization in solving security issues of information.
Q1.1
Summary of the Key Aspects of the Job
Perspecta Company has a job opening for Information system security officer (ISSO). The company is located in Larrakeyah Darwin’s city found in the Northern Territory of Australia (Careerone,2020). Also, there are pertinent requirement and responsibility for the position that an applicant ought to have. These requirements are not only in terms of credentials but also in experience and technical know-how. The company is looking for an applicant with the following set of skills: malicious code eradication, authorization and assessment of the company’s information system, and the configuration of the management in line with the security system. Also, the ISSOs should have the know-how of implementing common features of information security practices.
Apart from the ISSO position in Perspecta Company, the Melbourne CBD VIC located in the state of the Victoria is looking for the Chief Information Security Officer (CISO). The person should be able to implement and monitor the enterprise information by ensuring that it is secure. Also, the applicant should be in a position to work with the management to reduce and assess any risk related to data. The CISO should be a leader to guide the implementation team on better ways of enhancing cybersecurity. The salary for this job position is $25,000 for fulltime basis Adzuna(2020).
Also, Peoplebank located in Sydney is looking for Cyber/Information Security officer to take the position with the following job description: implementation of business information and cybersecurity programs (Careerone,2020). Similarly, a person should be able to perform cybersecurity risks. The daily work routine includes performing a daily cyber risk assessment for the company and to ensure that the management information system is protected from the cyber-attacks. Also, the personnel should be in a position to advise the management on the necessary control and improvement of the current system information programs of the company. The estimated salary for the position is $ 1000.
Q1.2
There are recurrent patterns and aspects in the three job listings, which include the responsibilities and the job qualification that are required from the applicants. As such, the positing of the chief information security officer (CISO) and information system security officer are related in the sense that responsibilities and job descriptions are similar if not the same. For instance, the CISO is supposed to conduct a routine check on the organization’s information security system. The two positions have similar roles when it comes to implementation of the cybersecurity measures. As such, there potential applicant for this position ought to have a level of competency on cybersecurity and means of enhancing data of the company.
Similarly, cybersecurity officer/ information security officer ought to have similar knowledge when it comes to the assessment of the cyber-attacks risks that a company might be facing. It is for this reason that the recurrent knowledge and technical know-how of the three job listings are applicable in the organizations that are hiring their services. The issues covered this semester are relatable to the job aspects in a way that the departments hiring the applicants have similar structure and organization in the security officer roles are linked to the management and other departments in the company. For this reason, CIO or the CISO ought to have leadership skills to help in the implementation of the security measures and data handling processes. Thus, information security is an integral part of the responsibility given to all the three job listings.
The AS/ISO27000 series standards are applicable to the job listings in the sense that it provides a guide for management standards and systems for information security. Similarly, the ISO 27000 series have provisions for the control of the information system in organizations.
The job listing listed when I used the keyword information security was not much different when I used cybersecurity. The search result had jobs with titles that are indicated information security in the job description. As such, cybersecurity was entailed in the information security job searches. Similarly, a chief security officer ought to have knowledge of cybersecurity since it is part and parcel of securing an organization’s data.
Question 2.1
The neutralization techniques used by the employee in violation of the information security entail fault-finding in the systems weak links. As such, the system under the control of the information security personnel is susceptible to such officer. As such, the employees use the weak links of the systems as neutralization technique of violating the information security codes of an organization (Siponen& Vance,2010). User participation is a threat to information security in instances where they fail to meet the required standards for maintenance of the security systems. Blame is usually attributable to the systems instead of the employee responsible for breaching the system.
Question 2.2
Businesses should put a stringent policy on security information for any employee who violates the information security codes designed by the company. Similarly, sanctions are applicable as a measure for using in curbing violations for information security. Siponen& Vance (2010), contend that sanctions are an apt technique that organizations can use, which resonates with the deterrence theory for the punishing people who commit crimes. User participation is has been regarded as a source of the employee neutralization techniques. However, it can as well serve a measure for reducing violation of the information security in instances where the uses are made aware of the consequence of violating the system. Most importantly, creating awareness among the employees will develop a sense of prioritizing to secure the information of the organization. Unlike an instance where the employee use system’s weak links to violate the policies and use them as neutralization, increased user participation will further involve more employees (Spears &Barki, 2010). I think with the most of the employees working together with chief information security officer there will be shared responsibility whereby each of the staff is equipped with the right information on how to handle the security issues that may arise. Also, in the absentia, if the chief information officer, other employees are able to coordinate with another department on the best approach to increase the security of the information.
Additionally, increased user participation translates to the involvement of the employees at the stages of planning and implementing the systems information security. As such, more stakeholders will have the technical know-how to safeguard the information rather than depending and entrust one person with all the information of the organization who might use for personal interest and gains. Thus, it is imperative to have increased user participation as a measure of ensuring information safety not only with the top company’s officials in charge of such positions and responsibilities but also the rest of the staffs within such an organization.
References
Adzuna(2020). Information system security officer (ISSO). Adzuna. Retrieved from https://www.adzuna.com.au/details/1465615842?se=LCsLghmO6hGVUhrHGWZC8A&v=E26B3E0994F43BAB24418B71607C3874037CDF96
Careerone.(2020). Chief information security officer. Careerone. Retrieved from https://www.careerone.com.au/chief-information-security-officer-jobs?jobview=db56a586-41a7-4418-bd8b-f208905c4c34
Siponen, M & Vance A9. (2010). Neutralization: New insights into the problem of employee information systems security policy violations.MIS Quarterly, 34(3), 487-502, A1-A12.
Spears, L &Barki, H. (2010).User participation in information systems security risk management.MIS Quarterly, 34(3), 503-522.
