What is Information Technology Security Management?

By Elliott S. Lynn, Ph.D.
Associate Professor for Information Systems Security and Information Technology Management, American Military University

IT Security Management has evolved into an essential element in the 21st century workplace. Organizations thrive and gain competitive advantage using information technology by way of information systems and other electronic means. The ability to secure these systems is critical. IT Security Management is the practice of protecting information systems from internal and external network attacks. The core elements of IT Security Management have a core based on the CIA Triad, which includes the following:

• Confidentiality – ensuring that those that have access are the only person(s) that can view information
• Integrity – ensuring information is not modified or deleted by unauthorized users or systems
• Availability– ensuring that systems and information is available to those that require access at all times required

These IT professionals have primary responsibilities that include the utilization of the CIA Triad principles to ensure information systems are secure. There are many ideas and thoughts of what makes a system secure, but the IT Security Management industry follows standards and guidelines to ensure consistency and effective means to securing critical systems.

Maintaining the Standards in IT Security

Over the past several years there have been standards organizations around the world worked together to create, modify, and maintain Information Technology Security standards. Well known standards that are critical for the evolution of Information Technology Security include the following:

• The USA National Institute of Standards and Technology – a non-regulatory federal agency within the U.S. Department of Commerce
• International Organization for Standardization – a consortium of national standards institutes from 157 countries, coordinated through a secretariat in Geneva, Switzerland
• The Information Security Forum – a global nonprofit organization of several hundred leading organizations in financial services, manufacturing, telecommunications, consumer goods, government, and other areas

The critical need for IT Security professionals that can facilitate secure systems and data has resulted in many IT Security certifications. There are a few that are widely recognized and respected in the IT Security Management industry, including:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• CompTIA Security+
• Global Information Assurance Certification (GIAC)
• Cisco Certified Security Professional (CCSP)
• Systems Security Certified Practitioner (SSCP)
• GIAC Security Essentials Certification (GSEC)
• Certified Ethical Hacker (CEH)
• Computer Hacking Forensic Investigator (CHFI)
• Certified Wireless Security Professional (CWSP)

The Information Security Management industry continues to evolve in a rapidly changing innovative world that requires constant reevaluation of systems and vulnerabilities resulting from new and emerging technology around the globe.

Keeping up-to-date on emerging trends in the areas of standards is paramount to your success as an IT professional. One way to ensure you are up to date is with lifelong learning and a certificate in your area of expertise.