Friday, March 16, 2012

Role of IT Security Manager

The IT Security Manager is responsible for defining the Information Security Policy and establishing the ISMS. Once these are in place, it is the IT Security Manager’s job to ensure that all the proper controls are in place, that people are aware of the policy and their responsibilities, and that the security system is functioning correctly. The IT Security Manager is the focal point for all security issues.

Service Operation teams are responsible for conducting day-to-day activities to manage operational security. It is important that these roles are kept separate from those of Security Management to prevent a conflict of interest. Operation roles include:
• Policing and reporting
• Providing technical support and assistance
• Managing security controls
• Screening and vetting individuals
• Providing training and awareness
• Ensuring that security controls are appropriately referenced in operational documentation.

Metrics used in Information Security Management

Security Management metrics are needed to ensure that the organization can meet both internal and external security requirements found in SLAs, contracts, legislation and governance. Metrics that can be used for this purpose include:
• The number of security-related Incidents per unit of time
• The percentage of security-related Incidents that impacted services or users
• The number of security audit issues and risks identified
• The percentage of security audit issues and risks resolved
• The number of changes and releases backed out because of security issues
• The average time to install security patches



© 2013 by All rights reserved. No part of this blog or its contents may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the Author.

