For the Business Information Security Program (BISP), personnel decisions, from recruitment, to selection, to promotion or demotion, are all based on the results of a formally conducted “job analysis” that uses systematic procedures to comply with Equal Employment Opportunity Commission (EEOC) and Title VII statutes. The unit of analysis is the job, not the job incumbent. Companies that fail to conduct job analyses are exposed to liability in the event of charges of discrimination in personnel practices. This is because the job analysis identifies and describes the tasks performed on a job, and ultimately all personnel decisions are based on the performance of those job tasks. From determining pay ranges, to recruiting and testing the qualifications of job applicants, the overriding purpose is to select the highest-performing job applicants—those who can best perform the tasks identified by the job analysis. Yet many companies do not conduct job analyses, out of a mistaken belief that doing so is too costly or because of misunderstandings about the purpose and procedures.

Indeed, there is confusion about the job analytic procedure, perhaps because, over the years, researchers have discovered new approaches and techniques that have added new language and methods to a once-basic traditional procedure (which, nevertheless, still complies with legal statutes). Today, terms associated with job analysis, such as “knowledge,” ...