Abstract

Establishing and operating an effective information security management system within an organization is never an easy job. Organizational culture, management support, budget restrictions and many other factors affect the security efforts of a company. Although the information security academic literature is growing, there is no clear guidance in several fields of the topic; therefore, life-tested best practices can be a useful aid in operating such systems. The aim of this paper is to provide brief guidance on the basic steps for a beginner information security manager, and perhaps to offer some useful thoughts to experienced officers as well.

Highlights

  • Information security practices and methodologies are evolving every day

  • An information security manager should be aware of the changes in this field, train himself/herself and always be ready to respond to the upcoming threats and security challenges

  • At the end of the day, the senior management has to understand the importance of information security, and with the support of a security team, the business and security goals can be achieved

Summary

Seven Pieces of Advice to Improve Your Information Security

Money cannot be an excuse: take your organization’s head of IT operations and a technician from that department, an IT technician with security experience, somebody from management (with the right to make decisions) and a communication expert; train them, build up escalation channels and procedures, and your very own incident response team is ready. It will not be equal to a SOC or a CERT, but an information security manager has to adapt to the limits of the organization. It is worth conducting exit interviews in order to reveal what kinds of failures departing employees have seen in the organization’s information security system during their employment.
