Justify the fact that with information security being a new field, it is often rife with a lack of understanding about what qualifications applicants need to fit in the roles they fill.
Assess the recommendations provided with respect to how an organization can optimize their hiring practices. As mentioned in the text, they are the following:
The general management community of interest should learn more about the skills and qualifications for information security positions and IT positions that affect information security.
Upper management should learn more about the budgetary needs of information security and its positions.
This knowledge will enable management to make sound fiscal decisions for information security and the IT functions that carry out many information security initiatives.
The IT and general management communities should grant appropriate levels of influence and prestige to information security, especially to the role of CISO.
Examine the fundamentals that an IS professional must understand in order to be, at a minimum, considered for an interview or conversation:
How an organization operates at all levels.
Awareness that information security is usually a management problem and is seldom an exclusively technical problem.
How to work with people and collaborate with end users, and the importance of strong communications and writing skills.
The role of policy in guiding security efforts, and the role of education and training in making employees and other authorized users’ part of the solution rather than part of the problem.
Most mainstream IT technologies at a general level, not necessarily as an expert.
The terminology of IT and information security.
The threats facing an organization and how they can become attacks.
How to protect an organization’s information assets from attacks.
How business solutions, including technology-based solutions, can be applied to solve specific information security problems.