As you know, My Infosec Job is an open space for you to send your articles and reach thousands of Infosec professionals worldwide, leveraging your exposure and credibility in the market. Today, I present you with a useful read by Chris Martin, a senior consultant at Interim Partners.
Enjoy your read!
We’ve all heard the expression ‘what you don’t know can’t hurt you.’ Sadly, as cloud computing continues to expand, exactly the opposite is becoming true, especially with regard to Information Security. What you don’t know can hurt you – and the company you work for.
The European Union has recently published a 146-page report* on the issue of Information Security, and it highlights the fact that many companies will need to re-evaluate their whole strategy for security as more and more information moves ‘into the clouds.’
What’s true for business is, of course, also true for the public sector, which will have to re-examine a host of traditional assumptions about security and service delivery models.
The bulk of this work will fall on an organisation’s Information Security Manager. So if you are – or you’re likely to be – a candidate for such a post, what information do you need to know? Here are several points that have been highlighted by Chris Martin, a senior consultant at leading interim recruitment agency Interim Partners, that are likely to form a core part of any Information Security Manager’s job description.
- There is a wide variety of ‘cloud solutions’ currently available to businesses and organisations. You’re going to need to be able to define the exact requirements of your organisation, so that you can assess the risks inherent in the possible solutions
- Part of this will be assessing how the various cloud models will meet your current and future Information Security requirements
- You’ll also need to define acceptable levels of service and establish benchmarks for parameters such as availability and response times
- How resilient are the various cloud solutions? Again, you’ll need to establish a minimum standard of data security
- Once all the minimum standards for security and resilience are established, you’ll need to make sure that they are included in any service agreements
- You’ll also need to put procedures in place to test all the potential solutions initially – part of the initial due diligence procedure – and to ensure continued testing on an ongoing basis
- You’ll need to make certain that your chosen cloud solution has guarantees in place for its essential services, such as electricity, processing power and storage capacity…
- …but even the best systems will fail occasionally. So check the back-up plans as well
- Finally, does your chosen provider have a business continuity plan in place?
Those nine points should ensure that you go into any job interview as well prepared as you can be. The rest is up to you!
* Security and Resilience in Government Clouds: Making an Informed Decision: http://www.govinfosecurity.com/articles.php?art_id=3276