Information security is one thing that cannot be done by a single individual successfully, it involve a team work. A team that understands the goal of the organization as it concerns information security, the national and state information security laws and what needs to be done to ensure that information is well protected.
Information security is a process and a continuous one. It should be taken as a project with the project team comprising of a number of individuals who have enough experiences in one or many facets of the needed technical and nontechnical areas.
Sometimes some of the skills that are used to managed and implement information security are the same skills that are needed to design an information security plan.
A typical information security project team should include:
- A Champion: A senior executive who will promote the project and gives his support in terms of both financing and managing the project from the highest levels of the organization.
- A Team Leader: This is also a project manager but at departmental line staff levels. He or she must have a good understanding of the project management, personnel management, and information security technical requirements.
- Security policy developers: These should be people with a good understanding of the culture of the organization, the existing policies, and what is needed for the development and implementation of successful policies.
- Risk assessment specialists: These are people with understanding of the financial risk assessment techniques, the value of organizational assets, and the security methods to be used.
- Security professionals: Should be trained well-educated and dedicated specialists in all aspects of information security from both a technical and nontechnical points of view.
- Systems administrators: Call these People with a basic responsibility for administering the systems that every information used by the organization is housed.
- End users: These are selected users from each departments and levels that are designated to help the team accomplish their specific information security goals and the organizational information security goals.