What Can a Computer Security Specialist Do for Your Business?


A computer security specialist can make a very significant contribution to your organisation’s information security. In recent years, information security in general, and IT security in particular, has grown increasingly specialised and formalised. General IT training is no longer sufficient to cover all technical aspects of the field, and so a computer security specialist is required for all but the most basic tasks.

So what does a computer security specialist actually do? There are several sub-fields of information security, and no one person can hope to be an expert in them all. But in general, IT security specialists usually have one or more of the following specialisations:

 

    • A penetration tester actively probes the defences of an organisation’s computer systems and network infrastructure, either by mimicking a hacker attack from outside, or else by making use of varying degrees of insider knowledge.
    • An application tester performs a similar function for externally-facing servers, e.g. email, web, or FTP servers.
    • An information security auditor reviews a company’s overall information security, comparing it against industry best practices such as the ISO 27001 standard.
    • An interim manager is hired by a company for a relatively short period, either to bridge a gap between permanent employees, or to deliver a one-off project (such as the planning and implementation of a full information security management system).
    • An outsourced CISO (Chief Information Security Officer) is another type of computer security specialist. He or she will work with a company on a longer-term basis to deliver their information security function, possibly on a part-time basis in the case of a smaller company.
    • A computer security consultant will be engaged for a clearly-defined project and for a relatively brief time, and will provide advice and recommendations which then need to be implemented. He or she may concentrate on information security as a section of corporate governance, focusing more on policies, procedures and people rather than exclusively on technology.
    • Certain organisations, such as Government agencies and the military, may have a need for expert cryptographers. However, very few commercial firms will need this level of expertise.
    • Finally, a computer security specialist may also run training courses and awareness campaigns, either general-purpose or customised to a particular organisation.

 

Clearly, one person cannot possibly cover all these varied functions, and so different experts will tend to specialise in one sub-field or another. A large company may have its own team of IT security specialists to cover all areas, but a smaller company will need to buy in this expertise from a specialist consulting firm.
