Appendix C
C.5.4 Accountability
The information security manager is accountable for successful implementation
of the information security program. Therefore the information
security manager must:
Maintain technical knowledge about systems, networks, and telecom-
Maintain technical knowledge about information security technology
Effectively manage staffing and budget
Ensure a competent, motivated, and knowledgeable staff
Be able to function effectively in a dynamic environment
Provide prompt information security support to all users of the systems and networks
Maintain effective communications with all departments
Maintain good relationships with appropriate vendor and industry
Participate in industry events and maintain currency in security skills
C.6 Summary
We have taken a brief look at what is required to put together an effective
security function in an organization. Management of a security function
requires planning and a deep understanding of the concept of risk management.
The interface between the CSO/CISO, HR, and legal counsel cannot
be emphasized enough. Their partnership is key to successful
implementation of a site security plan. The basic precepts of security, such
as incident response, forensics, training and awareness, perimeter security
measures, intrusion detection, secure remote access, and so on, have been
discussed in terms of establishing functions devoted to those functional
areas. Policy development and the role such policies play in an organization's
risk management and site security plans have also been covered. We
looked at issues regarding staffing and hiring security personnel, and we
reviewed the items a security manager should be held responsible and
accountable for in the performance of his or her duties in an organization.
While this introduction does not cover specific policies per se, it has covered
the reasons why they are important.
