This is truly the digital age, and for companies that need to store vast amounts of data and other information there is a powerful need for good digital security. This article points out that a security director for a company also has to be responsible for employee and building security, but high on the list of duties is maintaining a safe and secure digital information storage policy.
Security Roles
In the present digital age when a substantial amount of data and other key corporate information is stored in servers, the word "security" takes on a new and more important meaning. "Security" in the past has simply meant keeping the doors locked, hiring a professional agency to protect the building and employees, and taking other steps to assure the security and safety of the assets of any given company. But today a security agency -- or a security officer in any company -- takes on a far greater duty and responsibility because of the threat that is posed by criminals, hackers, and other interlopers that would steal or malign a company's precious secrets and strategies. This paper delves into the need for a new kind of security in a digital age.
What is the role of a security director or security officer?
Derek Slater is a Harvard graduate who is currently a public policy director at Google. Slater explains that a "chief security officer" (CSO) was initially used as the key individual who would hire and train staff to protect the company, physically and digitally. The CSO designation has also been used to describe the leader of "corporate security" functions, including physical security and the safety not only of employees but of facilities and assets. Today in most corporate settings the CSO is the executive responsible for both the physical and digital assets. The CSO engages in "business continuity planning, loss prevention and fraud preventions, and privacy" (Slater, 2011).
Hence, it is fair to say that in many forward-thinking corporations there has been a merging of all forms of security "…under a single organizational umbrella," which has been somewhat controversial but because of the fact that technology is advancing to rapidly, Slater believes this is prudent business policy. "…the ultimate task for CSOs and security professionals is to add business value and create competitive advantage for their companies" (Slater, p. 1).
Responsibilities for the security director -- AKA CSO -- in terms of protecting a company's assets include: a) leading "operational risk management activities to enhance the value of the company and brand"; b) oversee a network of vendors and directors who safeguard assets, intellectual property, and computer systems (and the physical safety of employees); c) set goals and metrics for protection; d) implement a "global security policy" that matches standards by other international agencies; e) establish video surveillance for protection of employees; f) prioritize "security innovations and spending based on appropriate risk management"; g) establish and maintain good relationships with federal, state and local law enforcement and government agencies; h) supervise "incident response planning" and oversee investigation of "security breaches" and i) contract with outside consultants in order to assure digital security measures are in place to prevent breaches (Slater, p. 2).
What skills are necessary for a security director?
Slater explains that beyond high intelligence, a CSO should be articulate and persuasive, who can convey "security-related concepts to a broad range of technical and non-technical staff" (p. 2). Also, the CSO should have a broad range of experience with "business continuity planning, auditing, and risk management"; he or she should also have experience negotiating contracts with vendors and others (Slater, p. 2). Anyone hired as CSO should have a "strong working knowledge of pertinent law" and how the law enforcement community interacts with corporate interests vis-a-vis digital security and physical security. Also, it goes without saying that anyone hired in an important position like this one should have a wealth of experience and knowledge pertaining to information technology and information security (Slater, p. 2).
The broad spectrum of activities a CSO must engage in Author Tyler Justin Speed explains that while it security staff can be counted on for the most part to protect stored digital data, unless the chief of security is fully aware of the potential for "internal threats" he or she is missing the boat. In other words, employees with access to server rooms can access databases, computers, routers, monitors and other "physical parts of the network infrastructure" (Speed, 2012). Speed insists that it doesn't matter "…how good the firewall installed at a network's gateway to the Internet is; if a computer's disk drive is not physically protected," a person who is not authorized can upload "malicious software" into one of the network's computers. All the date contained in that computer hard drive will then be compromised, Speed explains. Hence, the CSO must take great pains to protect network data from employees. '
How the CSO can be reasonably assured that new hires are honest: a) there must be a very thorough background check (it costs the company money); b) the applicant must be given a "skills assessment test" to determine what he or she knows about digital technology; c) references must be checked thoroughly; d) once vetted, the new hire needs to be well trained by security and administration professionals; and e) a "culture of security awareness" needs to be established (Speed).
You’re 82% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.