The paper "The Effective Security Manager" is a perfect example of a management essay. “ Without a knowledge and understanding of financial management and accounting, it is unlikely that a security manager can operate effectively and successfully in terms of both internal and external organizational environments” . The above statement apparently demeans the capability of a traditional security manager to handle security issues in an organization effectively without financial management and accounting skills. However, there must be a valid reason why such a statement was made and therefore it is only fair that we should methodically analyze it.
The discussion on this paper will initially focus on the minimum requirements necessary to become a security manager and its typical role in both internal and external organization security management. Next will be an analysis of security issues in an organization followed by an asymmetrical discussion on the validity of the argument presented. The paper will then conclude with the final assessment of the facts and its overall conclusion. Primarily, as the resident expert on information security issues, a security manager must be qualified and equipped to manage an organization's security program.
An average security manager according to Boyce and Jennings (2002) is not only knowledgeable about the technical aspects of the system but also confident enough to ask the right question when additional information is required. He should demonstrate the ability to translate technical security requirements into an understandable language for management and general users. His knowledge should not be limited to textbook specifications but rather extend to real-world applications of security directives, regulations, standards, and policies. In the same way, he should not restrict himself to the institutional knowledge of an organization but should possess an in-depth understanding of the organization’ s mission, objectives, strategic goals, and business processes to ensure the effectiveness of security policies and procedures (98).
Boyce Joseph George and Jennings Dan Wesley, 2002, Information Assurance: Managing Organizational IT Security Risks, Published 2002 Elsevier, ISBN 0750673273
Butler Shawn, 2002, Security Attribute Evaluation Method: A Cost-Benefit Approach, Computer Science Department, Carnegie Mellon University, Pittsburgh, PA 15213
Fay John, 1993, Encyclopedia of Security Management: Techniques and Technology, Published 1993 Elsevier, ISBN 0750696605
Fischer Robert and Janoski Richard, 2000, Loss Prevention and Security Procedures, Published 2000 Elsevier, ISBN 0750696281
Fischer Robert and Green Gion, 1998, Introduction to Security, Published 1998 Elsevier, ISBN 0750698608
Sheppard Colin, 2007, How to Reach Decision Makers: Success Strategies for Security Awareness, online, last access: 10/03/07, available at http://articles.techrepublic.com
Wylder John, 2004, Strategic Information Security, Published 2004 CRC Press, ISBN 0849320410