Been a long time since I’ve rock-and-rolled.
Yes, I’ve been buried in work. I’ve been burned out. I’ve been hung down, brung down, hung up, and ... well, you know the rest of the song. (You DO know the Song, don’t you?)
But I stopped by to bring you this impromptu list of Interesting Things you need to know when you’re an Information Security Officer. Enjoy.
- Child psychology (to deal with prima donnas of all stripes).
- Abnormal psychology (to predict which insiders will go bad).
- Marketing.
- Organizational training.
- Business process engineering.
- Which common words in the English language mean very specific things to a lawyer. Things which will cause her to blanch when you show her a security policy or statement of work.
- IT and financial auditing.
- All the federal and state laws governing computers, wiretapping, breach notification, and e-commerce.
- Economics.
- Statistical analysis.
- How to spell HIPAA.
- How to troubleshoot everything from layers 1 through 7 to prove that it isn’t your firewall that’s causing a problem in production.
- Forensics and chain-of-custody.
- The newest naughty or infected sites, so that you can recognize their droppings on the user’s desktop.
- Contract law.
- Budgeting.
- Project management.
- Accounting.
- What passes for risk assessment in your organization.
- Stress management, meditation and yoga.
- All programming languages. Yes, even COBOL, which is still in use for an obscure, yet important application on your network somewhere. Guaranteed.
- Asset management.
- How to spot snake oil encryption.
- Public speaking.
- QA testing.
- RFP writing.
- FOIA and what things not to do in email.
- Subtle, yet effective flattery.
- Veiled threat-making.
- Mind-reading.
Posted by shrdlu on Thursday, March 20, 2008

