Specialist must The solution to the problem is simple. Do not include specialists who ensure the functioning of services in the IS service. Any services. The IS service, like all other departments, consumes services provid by IT departments. The latter are the executors of services relat to the uninterrupt functioning of information security tools.
To the employees of the IS service, but not vice versa.
Ad the professional standard of a computer specialist must
Security specialist is includ in the phone number library section on specialists in communications.
Information and communication technologies, and not on ensuring security.
In accordance with his professional standard, be able to maintain, configure (administer) and even develop information security tools and information systems in a secure design, as well as evaluate their effectiveness in terms of the cost of their maintenance, productivity, support and actually us functionality. All this is necessary, but these are the functions of the IT service, because for the IS service, information security tools are the same tools as for an accountant, some kind of “1C-Accounting”. Is the administration of an accounting information system carri out by accountants?
The IS service is not a service structural unit
Its functions do not include providing IS services to other units, whatever is understood by this concept. The implementation of IS measures is carri out by all employees of the organization from the top manager to the ordinary worker, which is specifi in their job responsibilities and secur in employment contracts. The IS service or, depending on the size of the organization, the IS manager is assign the functions of the organizer and coordinator. The IS service is a management structural unit, not a service one.
A certain part of the expert information security
Community may object to me the importance of business analytics solutions: what you can learn from your data that transferring the function of administering information security tools to IT departments will ruce the level of security of the organization, since the IS administrators will get out of control. I hasten to object that the aero leads level of security of the organization is determin not only by the level of information confidentiality, but above all by the indicators of efficiency and business continuity.
