The Lone Wolf
Some months ago I responded to a question in the ISACA forum posed by a person who described himself as a lone wolf security professional. In being alone, he was involved in all information security tasks, in every phase of the Deming circle—Plan, Do, Check and Act. The question asked if it was possible and ethical to check his own policy, plan and progress; this is a very good question, and a dilemma that is known by many information security professionals.
In 2010, the Dutch government forced all hospitals to implement information security. This resulted in the creation of my own job as information security officer in one of the larger hospitals in the south of The Netherlands. It was a huge challenge; I had a willing management, but very limited resources, and I was the only information security professional in the organization. In other words, I was a lone wolf. And I had, like the person on the forum, to check my own work. Not because nobody was willing to check my work, but the knowledge was simply not there. Like the person on the forum, I felt very uncomfortable with that situation.
Over the years, it has come to my attention that few industries innovate faster than IT. And while I am surrounded by many of these changes in my everyday life, I try not to underestimate the value of ongoing training and how it improves my skill set and could potentially open up new career opportunities.
Regular IT training is by far one of the single most valuable things I do on a regular basis.
Benefits of Ongoing Training
I will admit that I do not like the word “training.” It takes me back to being a student in a structured classroom setting. But training really is a positive thing. It is what gives us the knowledge and skills necessary to complete the tasks and objectives we face in our jobs.
We live in an age when social media, mobile devices and the Internet of things (IoT) dictate how we access, manage and communicate information. This technology is constantly changing and relatively complex in nature. Thus, it is essential that enterprises have a fully functional and effective information security program.
The responsibility to ensure such a program is properly implemented resides with senior management. The main objectives of such a program are to ensure the confidentiality, integrity and availability of the information assets and associated resources.
For a moment think about these statements:
After considering these statements, how would you answer the question of whether your business will be competitive in 10 years?
With the countless factors that exist across every sector, the question is very difficult to answer. The pace of positive, negative and unclassified technological advancements is exponentially greater than ever before. How will your enterprise and IT governance structure survive these exciting times?
I have just finished reading the CSX Fundamentals Study Guide, which ISACA provides for the CSX Fundamentals exam. I am impressed. When I hire entry-level individuals to work for my company, I look for someone who has familiarity with the topics outlined in the guide. I don’t expect them to be an expert, but when we are tackling a subject as a team, I expect my employees to know the topic being discussed.
Over the years, my employees have been exposed to many cyber security issues, and for the most part, they understand the new ideas and are able to conduct research on them. This helps improve our company’s awareness of critical cyber security issues and what we can expect with the next issue we will have to evaluate or the next solution that we will have to implement. What I like about the CSX Fundamentals Study Guide is that it outlines those very key topics we are in the throes of working on every day.