Most companies are still far from having an elevated, coordinated security unit.
However, the kind of leadership and management drives an organization or a company towards either success or failure. Though everything can be learned and mastered after further experiences and further studies, present activities and accomplishments are qualifications for higher and bigger opportunities that influence others to get involved in the stated missions and visions.
Managing and addressing security carries a significant and potential critical responsibility on whatever number of human resource. Security managers' extensive scope of responsibilities require a trivial task - from risk assessment to the implementation of security policies, from human resource issues to the definition of security duties, including global exposure, and strategic planning, must be embraced and managed.
The assertion that, security managers should be managers first, and security specialists second, it is but right to present the role of a security manager in the arena of securing potential assets. Where and how they're involved, and let the evidences for qualifications, be seen on why they should be managers first.
The importance of continuous attention ...
Such attention is important for all types of internal controls, because of the factors that affect security are constantly changing in today's dynamic environment.
Managing the increased risks associated with a highly interconnected computing environment demands increased central coordination to ensure that weaknesses in one organizational unit's systems do not place the entire organization's information assets at undue risk. Security managers on the other hand, should filter what senior managers see, and even before that, ensure they only collect information someone both cares about and takes responsibility, for Security managers need to easily position information in the context of risk policy, policy enforcement, and related business imperatives.
Risk assessments improve business managers' ability to make decisions on controls needed in the absence of quantified risk assessment results, and engender support for policies and controls adopted, thus helping to ensure that policies and controls would operate as intended.
Through the reporting procedure, business managers take responsibility for either tolerating or mitigating security risks associated with their operations. And such procedures provide a relatively quick and consistent means of exploring risk with business managers, selecting cost-effective controls, and documenting conclusions and business managers' acceptance of final determinations regarding what controls were needed and what risks could be tolerated.
...global exposure and strategic planning...
What an organization can and can't do strategy wise is always constrained by what is legal, by what complies with