Associations


As an ISSO and security professional, it is more than likely you will be involved with professional security associations. These associations differ in specific focus but all have one common purpose: to enhance and improve the profession of security. Whether private, corporate, institutional, commercial, industrial, government, or any other type of security organization, these associations seek to advance the cause of the profession. Members are asked to support the associations' efforts to seek a higher degree of professionalism and recognition of the security discipline. Some of these associations will work with local colleges and universities in an effort to build curriculum consistent with contemporary issues in InfoSec. Together, they assist in the preparation and development of future InfoSec professionals, experts who are capable of dealing with new and more complicated InfoSec issues. [5]

Association membership may be a general membership, as is the case with the American Society for Industrial Security (ASIS), the largest professional security association in the world. Membership may also be very specific to a type of industry, such as the security committee within the Aerospace Industries Association (AIA). Within AIA, security professionals from aerospace companies work together for the benefit of the entire industry. Common challenges, issues, practices, and objectives are addressed by the membership, who are usually senior security managers of member companies.

Suppose you are the IWC ISSO. An essential part of representing IWC's InfoSec-related programs, such as CIAPP, within the professional InfoSec community is to ensure you understand how your company chooses to represent itself to the external world at large. How does it want to be perceived? You are an advocate for IWC, and how you deal with external organizations must be consistent with IWC's expectations and values. For example, company management may believe it is important for its management team to take a leading role in associations, thereby being better positioned to influence policy development or implementation. With this in mind, you should seek officer or director positions within any association you are part of. On the other hand, if your company does not advocate such activities, you may find yourself without the necessary support, both time and money, should you be in a leadership role. In fact, it may be perceived that you are not spending sufficient time on company matters and too much time on outside activities. This can be a difficult line to walk if you don't take the time to learn what company expectations are in this area. One way to consider this issue is to discuss it with your boss as part of your career development plan.

InfoSec-related associations can play an important role in the career of an ISSO professional. Associations often provide professional training and certification in a variety of InfoSec and related disciplines. Furthermore, they serve as a forum where ISSO professionals can meet and discuss current issues and problems and share lessons learned.

There are many InfoSec-related associations in the world today. However, one must be careful, as some have been established for the purpose of making money. Some may even offer certifications that may look good but are not recognized within the professional community.

There are at least five InfoSec-related associations[6] that have been around for many years and also are considered to be very professional organizations:

  • The American Society for Industrial Security (ASIS);

  • The Association of Certified Fraud Examiners (ACFE);

  • The Information Systems Security Association (ISSA);

  • The Information Systems Audits and Controls Association (ISACA); and

  • The High Technology Crime Investigation Association (HTCIA).

[5] We do not imply an endorsement of these or any other associations. The ones selected are ones that we have been members of and, therefore, can speak about based on our experiences. However, we are not indicating that they are better than any others; quite frankly, we don't know. We simply offer them as examples.

[6] Information about each association noted is quoted from the association's Web site.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
