All companies rely on data as a primary asset. Therefore, they depend on information system integrity, availability and confidentiality for successful business operations. Security professionals range from top-level strategic planners who make sure technologies and policies always meet the evolving needs of the business, to engineers responsible for implementation and operations of security services. Each security technologist plays a vital role in investigating and strengthening each layer of security so information systems are always available for authorized employees.
Chief Information Security Officer
A chief information security officer, or CISO, holds the senior security leadership position in a company. CISOs have a well-rounded understanding of information security practices and business expertise. Working with department leaders and executive management, they develop security policies, guidelines and technology services to meet business, technology, legal and regulatory requirements. CISOs make sure security services are executed as investments in the company's success and properly planned to support its objectives tactically and strategically.
Security architects work with the CISO, company leaders and colleagues to translate business requirements to technology plans. Like CISOs, architects have a combination of technical and business expertise that allows them to work closely with technical and nontechnical colleagues. Architects assess vendor services and technologies to determine short- and long-term investment requirements. They also collaborate with each area of the information systems to develop a comprehensive security design for a strong return on investment.
Security engineers provide installation and operational support for security services. They incorporate hardware and software designs to protect information systems from threats while protecting the integrity of business data. Engineers serve as project team members to implement the solutions created by architects. Operationally, they monitor and manage the daily security activity for network systems, e-mail, wireless networks and computers to ensure the integrity of hardware and software on a continuous basis.
Security auditors evaluate the integrity of information security services and provide management and IT colleagues with compliance reports and recommendations for improvement. Auditors can be part of a company’s information security department, and might be assigned to review internal systems, or they could be external consultants who provide periodic evaluations. Audits evaluate risk factors that can breach a company’s security service, and they identify vulnerabilities requiring corrective action.