
1/15/2009
01:00 PM
Dark Reading
Products and Releases

Free ISACA Guide Helps HR Hire Security Managers

Guide provides a comprehensive resource to help those hiring information security managers identify candidates who can meet the challenges

Rolling Meadows, IL, USA (12 January 2009)—As information security has matured into its own discipline, many new career opportunities have surfaced. To help hiring managers define these job positions and required skills, ISACA—a nonprofit association serving more than 86,000 information security, assurance and IT governance professionals in 160 countries—has published Defining Information Security Manager Position Requirements: Guidance for Executives and Managers, available as a complimentary download at www.isaca.org/security.

The guide provides a comprehensive resource to help those hiring information security managers identify candidates who can meet the challenges of the constantly evolving security profession and myriad regulatory requirements, and who demonstrate business skills.

"Enterprises must recruit professionals with the appropriate skills to ensure that information assets are protected from unauthorized use, systems are available, and the continued integrity of information and processes is assured," said Jo Stewart-Rattray, chair of the ISACA Security Management Committee. "The ISACA guide serves to untangle the complexities of the information security management position and provide specific definitions of information security management responsibilities, knowledge and optimal reporting relationships."

Defining Information Security Manager Position Requirements: Guidance for Executives and Managers is intended to serve as a practical guide to defining career paths and essential attributes of the information security manager position for those involved with information security, including human resource professionals, information security professionals, executives, governing bodies, and boards of directors or trustees. It can be tailored to the specific requirements of an enterprise based on its size, scale, nature, resources, position level and complexity.

Due to the varied backgrounds of information security professionals, an essential element of this report is a diagram of the many pathways by which security professionals have entered and progressed in information security positions.

ISACA conducted extensive research to prepare the report, including a comprehensive global job task analysis survey of approximately 600 information security professionals holding the Certified Information Security Manager (CISM) designation, as well as a working group of information security executives, including more than 100 CISMs. ISACA also conducted the Information Security Career Progression Survey, which generated responses from more than 1,400 CISMs worldwide.

The CISM designation is issued by ISACA and is acknowledged by the International Organization for Standardization (ISO) as one of a select group of information security professional certifications receiving worldwide recognition.

About ISACA

With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 10,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.

About the IT Governance Institute

The IT Governance Institute (ITGI) (www.itgi.org) is a nonprofit, independent research entity that provides guidance for the global business community on issues related to the governance of IT assets. ITGI was established by the nonprofit membership association ISACA in 1998 to help ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly managed, and IT performance is measured. ITGI developed Control Objectives for Information and related Technology (COBIT) and Val IT, and offers original research and case studies to help enterprise leaders and boards of directors fulfill their IT governance responsibilities and help IT professionals deliver value-adding services.

Contact: Kristen Kessinger, +1.847.660.5512, [email protected]

Joanne Duffer, +1.847.660.5564, [email protected]

ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA
