Assessment of the Cyber security Competency

Posted: December 2nd, 2013

Assessment of the Cyber security Competency

Name:

Course:

Date:

Assessment of the Cyber security Competency

The Chief Information Officer (CIO) is tasked with the responsibility of managing computer systems and information technology for the objective of supporting enterprise goals. As a senior and prominent executive in the government, the CIO is guided by a set of guidelines known as Clinger-Cohen Core Competencies and Learning Objectives. These guidelines indicate the desired performance level and the knowledge requirements based on information technology resources on the part of the CIO. One of the competencies associated with information technology is Section 10.0, which focuses on Cyber security and Information Assurance. In this section, the CIO is tasked with responsibilities that border on developing a program that will include policies, techniques and procedures that will aid in the protection and defense of information, networks and systems.

Regarding the section on Cyber security/Information Assurance, the CIO is supposed to integrate the management of strategic features concerning their tasks and direct care and replenishment of the organizational Information Technology (IT) systems. Various ways exist in which CIO’s are able to perform these duties. For instance, the CIO can integrate both duties by developing a comprehensive information system that incorporates the strategic and functional objectives of the organization (Stair, 2010). The strategic objectives will be entirely based on protection of the organization’s IT systems. By incorporating strategies that will protect the IT systems in the program, the CIO will be able to ensure that the objectives of Cyber security and the care of the organization are carried out simultaneously. The CIO will be able to do this because of the program, which will focus on strategies that will ensure that vital data and information are protected from malicious security attacks and that the organizational IT systems are upgraded and maintained in order to cater for the new security threats.

Another method that the CIO can implement for assistance in managing the strategic facets of Cyber security and care for organizational IT systems is through employment of efficient personnel that will ensure that the IT systems are protected and that the strategic features of Cyber security are managed. The CIO can employ personnel such as application and database experts, networking experts and penetration testers. Such personnel will enable protection of the organizational IT systems by evaluating the systems’ security level in the respective network, testing the organization’s resources, reporting on security vulnerabilities, attacks and threats present and producing real attacks without risking the IT systems (McNab, 2004). This is also in line with the strategic aspects of the Cyber security, which are based on openness, and security of the network system. Additionally, the CIO can conduct training programs that are based on education of strategic objectives and protection of the organizational IT systems. Training will ensure that the current personnel, who consist of users and protectors of data and information, gain supplementary knowledge that will ensure protection and management of strategic aspects and IT systems.

In conclusion, the CIO can simultaneously care for organizational IT systems and manage cyber security’s strategic aspects by employing Enterprise Resource Planning (ERP) systems. Since CIOs manage large enterprises, the ERP system would be efficient since it will integrate all functions and departments in the organization allowing sharing of information across the organization (Sumner, 2005). This system will enable the CIO to integrate IT systems protection and management of the strategic features. Therefore, irrespective of the numerous duties that the CIO possesses, structures and methodologies exist which can assist them in complying with the competencies’ strategies and management of their respective organizations.

References

McNab, C. (2004). Network security assessment. Sebastopol: O’Reilly Media, Inc.

Stair, R. M. (2010). Information systems. Australia: Course Technology, Cengage Learning.

Sumner, M. (2005). Enterprise resource planning. Upper Saddle River: Prentice Hall.