Companies have understood that by investing in new information technologies (IT), they can reap substantial productivity benefits of up to 25%. However, unless accompanied by a true security policy—ideally 10 to 15% of the IT budget—all these financial efforts can be quickly and suddenly wiped out. More than 50% of companies disappear within five years of experiencing a computer disaster! Before discussing computer security jobs, let’s take a few minutes to cover the ins and outs of this particular computer sector.
Why have a security system?
A security system protects all of a company’s information resources, while observing technical constraints such as confidentiality, integrity, availability and reliability. The risks incurred are related to accidents (physical or failures), mistakes (use, design, implementation) or to malicious acts including fraud, sabotage, software attacks, data breaches and logic bombs. It is estimated that 66% of companies have already been victims of computer fraud, which has increased dramatically with the Internet. Individuals and government infrastructure have been hit too.
Building awareness, a pre-requisite to any security policy
It will only be possible to implement a security system once the various levels of the company are sensitized to this problem. While 81% of managers feel responsible for their company’s computer data, 39% do not act to protect it. “Barely 20% of Canadian companies are on the right track in terms of computer security,” says Martin Dion, cofounder of Above Security. “Public companies are investing more than private ones, except those that are heavily dependent on IT or have legal obligations such as banks, pharmaceutical companies or publicly listed companies.“
Systems and security policy go hand in hand
A security system will only be effective when combined with a true security policy. Such a policy covers technology, processes and individuals. Canadian companies are reassuring themselves by investing in technology: while 97% have firewalls and antivirus protection, the rest lags behind. A designated person is needed to manage security and communicate expectations. “In Canada, only 10% of companies have a computer manager,” deplores Martin Dion. “This is not very much—security salaries alone should add up to as much as the cost of licences.“
Security specialist profile
The security specialist is increasingly in demand, despite the fact that he is not always popular with their co-workers, who object to his work being impeded by multiple passwords and new rules. Security specialists have to be competent in systems, networks, and programming to detect badly designed networks, poorly installed systems and improperly coded applications. Their technical expertise should be accompanied by interpersonal skills in order to fulfill their mediation (building awareness while going easy on users) and training roles.
A few computer security occupations
- Information security auditors are involved in assessing existing systems. They conceptualize and perform the audit assignment, and communicate with the people who hire them to perform the work.
- Information security consultants propose solutions tailored for previously defined needs. They implement, modify and update operations strategies and practices.
- Engineers in charge of monitoring IT incidents report identified incidents by analyzing the information provided by monitoring tools. They are in charge of communication and building user awareness with respect to security incidents.
- Information security attorneys advise companies on the changes to be made with respect to computer security. They play a role in civil law for data protection, business law for e-commerce and criminal or contract law for computer hacking issues.
Computer security is everyone’s business, and everyone has a role to play starting with changing their work habits. But in the world of business, the contribution of knowledgeable, efficient specialists, who will be able to propose a globally appropriate solution, should not be overlooked.