New business tools – from IM to social networking and Web 2.0 in general – are changing the ways we do business, but these innovations, in turn, effect our organizational security policy. The evolution also brings ethics and behavioral attributes into business decision-making.
The dismal economy is not helping matters. Now more than ever, companies face the daunting challenge of making sure that their employees follow ethical rules of conduct, and don't succumb to the possibility of making a quick buck by stealing data assets.
This will be the topic under discussion at next week's SC World Congress on the panel, An Eye on your employees -- policy and ethics, commencing at 1:45 on Wednesday, Dec. 10. Panelists include Dan Lohrmann, CSO, state of Michigan; and Joyce Brocaglia, CEO, Alta Associates. The moderator is Illena Armstrong, editor-in-chief, SC Magazine
While managers are pressed to strongly monitor employee activity, the prospect for IT professionals in 2009 is not all that bad, however. Ms. Brocaglia says security professionals looking for a new position can expect slim pickings, at least for the start of 2009.
“Clearly, company reactions to the downturn in the economy have been, in many cases, to put freezes on hiring,” she says. “And I expect that to continue for the next couple of months.”
But she says that while businesses are admittedly doing “more with less,” a number of security-related posts remain in high demand, particularly in governance, risk and compliance (GRC), as regulations increase in light of the recent financial services meltdown.
“Good people are always hard to find,” she says. “They will be more selective, but there are a lot of huge initiatives. I think people need to concentrate on defining their differentials in a market like this. They really need to refine their résumé and utilize their network [of contacts].”
And, according to Brocaglia, who is also the founder of the Executive Women's Forum, an industry event that brings female information security pros together for knowledge exchange, the majority of hiring managers worldwide indicate that information security certifications are important when hiring.
“Employee competency and quality of work remain the top reasons that employers and hiring managers continue to place emphasis on security certifications. Professional certifications are a great validation of your commitment to the industry and a level of competency,” she adds. “Companies that are hiring are more and more determining the professional certification that best validates a candidate's suitability for the position.”
And as far as management posts are concerned, (ISC)2
's CISSP is the industry standard. On the other hand, more technology-focused jobs might call for a vendor certification, for instance, “that matches your organization's particular technology environment, such as certifications from Microsoft or Cisco,” she says.
Joyce Brocaglia heads the personnel search firm Alta Associates, which focuses on recruiting IT risk management, information security and privacy specialists. In September of 2003 Information Security Magazine
honored Ms. Brocaglia with a "Women of Vision" award naming her one of the 25 most influential women in the information security industry. She is on the board of advisors for the ISSA and International Information Systems Security Certification Consortium.
About the SC World Congress
To keep today's companies and organizations secure requires up-to-the-minute information about current threats to the corporate environment, best practices and optimum solutions. The inaugural SC World Congress offers attendees the opportunity to become better informed, while at the same time providing a hands-on sampling of state-of-the-art technologies and services being used to thwart the increasing range of threats trying to interfere with business operations and abscond with corporate and customer data.
Located in New York, the largest concentration of corporate headquarters and federal and local government offices in the United States, the SC World Congress is the only dedicated IT security event focused on providing the latest solutions and inside information to help IT & data security professionals do their jobs better.
The inaugural SC World Congress takes place December 9-10 in New York City's Javits Convention Center.
For a complete schedule of events, please click here