Taking the path to IT security best practice Barbara Greenway, managing director of Parity Training, makes the case for getting to grips with both technical and ‘soft’ skills.
Keeping IT secure
Recent high-profile viruses like Sobig-C and BugBear have made improving security a priority for all users throughout an organisation, not just the IT team.
Investing in sophisticated anti-virus software, firewalls and network monitoring tools, is one way of improving security, but it’s also vital to have the right skills in place to maximise their impact.
There is high demand for security skills in certain sectors. Public sector organisations, financial institutions and retail companies in particular need a high level of know-how to ensure that all data is secure.
For many companies, protecting sensitive customer details is essential, as without a level of trust between customer and supplier, they risk losing their credibility, which will ultimately impact the bottom line.
Getting qualified
The best way to gain competency in managing security is to have a recognised industry qualification.
There are a number of technical standards around, but the most prominent certification in the UK is the Standard for Information Security Management.
This covers all basic IT security practices and gives a grounding in the most important competencies, with the chance to specialise in certain areas.
These competencies, coupled with regular skills updates and the administration of IT security on a daily basis, should be invaluable to making inroads to security best practice.
IT security is not just about technical know-how
Comprehensive security-specific training is also about understanding issues.
For instance, human error - which is responsible for many security breaches - is more puzzling to any IT specialist than hi-tech software.
It's important therefore to attend a training course that covers the non-technical side of security best practice to make the step from purely technical to understanding the cultural processes and implications of security management.