Information Systems Security Manager
What is an Information Systems Security Manager?
An Information Systems Security Manager or ISSM is responsible for the security of a corporate network, its hardware, its software and its data. Also called an Information Systems Security Management Professional or ISSMP, the ISSM’s primary responsibility is information security and every activity that affects system security.
What Does an Information Systems Security Manager Do?
Information Systems Security Manager responsibilities depend upon the company and the particular job position. Information Systems Security Managers often design information security policies and roll them out across an organization.
Information Systems Security Managers may have the responsibility to ensure that data is segregated on separate networks, such as ensuring that classified data for defense contracts is separate from the unclassified network used by most employees.
An ISSM could have the responsibility to design IT systems, group polices, firewall specifications or identity management systems. They will share responsibility for periodic audits to determine of information security policies are being followed and if the policies meet various standards like the ISO 27000 standards family, National Industrial Security Program or NISP, or Office of the Designated Approving Authority or ODAA. The task of performing audits may be shared with a Certified Information Systems Auditor or CISA or rest solely with the ISSM.
An Information Systems Security Manager participates in IT risk assessments and strategies to deal with evolving information security threats. For example, when confronted with compromised Java versions, the ISSM could decides to push an upgraded Java version on all computers on the network or install security tools that prevent the Java or JVM code from affecting the user’s machine.
When the ISSMP is informed of the risk of malicious software being installed on a user’s system simply by visiting an infected website, the ISSM could add these sites to the company blacklist to prevent employees from accessing them. Or the Information Systems Security Manager could tighten user permissions so that no one can install software on a computer without administrative privileges, which also blocks the malware installation.
An ISSM works with management to determine the encryption methods used on a network and the antivirus and proactive information security tools to set up on the network. A good ISSM reviews the information security bulletins put out by their software vendors of recently discovered threats and quickly installs patches or security fixes on the network.
Information System Security Managers should review reports of information security violations such as users trying to install unlicensed freeware or access information they should not have. This is in addition to generating reports on intrusion attempts, malicious software infections fixed and phishing emails sent to employees.
The ISSM in a large organization may manage an IT group with multiple employees who handle help desk requests for suspected malware infections, data leaks and access requests. Information System Security Managers develop the procedures to be used when malicious software infections are discovered, such as whether machines must be unplugged from the network and the response time expected of help desk personnel.
An ISSM supervises the security testing of new software and hardware systems before they are integrated with the IT network. The ISSM may work with the CISA to ensure that hardware is properly disposed of to prevent information loss. An ISSM could have the responsibility of formulating information security policies and teaching these policies to new employees. An ISSM will work with an Information Assurance Manager to ensure data quality and IT system backups.
What Education Does an Information Systems Security Manager Have?
An Information Systems Security Manager or an Information Systems Security Management Professional usually holds an Associate’s degree or Bachelor’s degree in Information Technology, Computer Engineering or another technology field.
An ISSM may have a computer technical certificate such as Microsoft Certified Solutions Expert or MSCE or the Global Information Assurance Certification or GIAC certification. The ISSM may have taken courses to study for the ISSM exam or used books for self-study.
How Does One Earn the Information Systems Security Manager Certification?
The Information Systems Security Manager Professional or ISSM certifications are earned by taking exams offered by the International Information Systems Security Certification Consortium, also known as the (ISC)², isc2 or ISC-squared.
The ISSM and ISSMP certifications are separate from the Certified Information Security Manager or CISM certification offered by ISACA International. However, you can earn and thus possess both CISM and ISSM certifications.
These certifications are available to anyone who studies and then passes the exam. Information security professionals may hold these credentials in addition to a college degree or earn a series of information security certifications until achieving ISSM certification.