Help Wanted: Security Staffing and Recruiting
MetLife CSO Robert Cordier answers readers' questions about security recruiting.
January 09, 2003
—
CSO
—
MetLife CSO Robert Cordier answers readers' questions about security recruiting.
Q: How do you determine "appropriate" levels of security—levels that have a direct impact on the amount of budget you're given? Information security, as a profession, seems to be grappling with this question more than ever.A: Since 9/11, in my opinion, most corporations have appropriately augmented security-related budgets with generous enhancements to upgrade security measures. Determining the appropriate level of security is most effectively done by taking a holistic view of the enterprise. First, there should be a security template to identify policies, procedures and installations of equipment and technology for consistent application throughout all facilities. While not all budgets will provide for the immediate enhancement of all facilities to this threshold level of security, an analysis and prioritization of security upgrades across an enterprise will allow for a phased implementation of these security enhancements.
To identify components that require security upgrades, a comprehensive security questionnaire can provide a ranking of the most crucial and sensitive operations. From this ranking, immediate and more concerted security enhancements can be targeted with minimal impact on the security budget.
Onsite security reviews and inspections of facilities or lines of business is mandatory by the security component. Where possible, this function could be contracted to reputable security consultants for independent review.
To complement these processes, the implementation of an effective crisis management initiative, involving representatives from all business functions and operations, is effective in establishing policies that enhance the security program throughout the corporation. The crisis management process can justify budget enhancements to those who might otherwise be ignorant as to the need or value of certain security expenditures.
ESSENTIAL READING
How to hire, manage and retain security professionals, build a team and next-generation leaders, and keep your own security job / career rewarding and successful
CSOonline's security job board - free
Looking for the right candidate? Want a new position yourself? CSO's job board is the place to go.
CSO resumes: 5 tips to make yours shine
Establish your brand, highlight business accomplishments, and more (Insider registration required)
Making a security career (not just a job)
6 steps to security success for young upstarts
How to recruit and retain the best young employees
The security recruiter directory
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
- Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)
- Enterprise Security eGuide
- In Denial?...Follow Seven Steps for Better DoS and DDoS Protection
- CSO White Paper - Desktop Virtualization: Empowering Information Security
- Virtual Desktop: The Security Dividend
- Achieve Workforce Continuity and Keep Your Business Running-No Matter What
- Howard Schmidt went the distance
With Howard Schmidt leaving the White House at the end of the month, the critiquing of his tenure is in full swing -- as it should be. There are still plenty of loose ends dangling in D.C., most notably Congress' inability to craft legislation that strikes the right balance between security and privacy. - #FFSec: Security pros to follow on Twitter, May 18
- DHS cybersecurity official leaves more questions than answers
More Salted Hash with Bill Brenner
