Management Information Systems, 13TH ED.
MANAGING THE DIGITAL FIRM
Kenneth C. Laudon ● Jane P. Laudon
continued
Learning Track 1: The Booming Job Market in IT Security
e technology industry has experienced its share of ups and downs over the last decade, from the
initial dot-com boom to the dot-com bust, and back to the current rise of next-generation online
businesses. One area of technology that has not been characterized by inconsistent levels of pros-
perity is information technology security.
As more and more bricks-and–mortar companies took their business online and relied on network
and Internet technology for communications and productivity, protecting the business inter–
ests that run on these technologies became a priority. Even during the years when tech stocks
Following the 9/11 terrorist attacks, and the growing number of intrusions into business informa-
tion systems emanating largely from China, many companies took a closer look at their securi-
ty requirements. Firms that specialized in providing network security services saw an increase in
demand for enterprise security evaluations. e scope of a proper security strategy is wide and can
include everything from suitable locks on entrance and storage room doors to intricate pass codes
for access to network resources. Companies sought to insulate their physical infrastructures as well
as their vital data from harm. Within a few years, however, many businesses were forced to scale
back their security budgets as economic conditions turned unfavorable. e trend turned to hiring
application or system specific experts with less of an eye toward security.
Chapter 8: Securing Information Systems
Chapter 8 Learning Track 1 2
continued
CardSystems suffered significant economic and reputational losses when they failed to protect the
credit card data of tens of millions of customers. Even the United States government sensed the
urgency and instituted a commercial certification requirement for all IT workers and contractors at
the Department of Defense.
e theft of intellectual property from American firms is another factor spurring the growth of the
information and computer security field. In 2013, a survey of members of a leading U.S. business
To prevent attacks on their businesses, some companies are looking for IT security personnel with
backgrounds in white-hat hacking and computer forensics, among other skills. Developing such
skills is viewed as crucial for future chief security ocers (CSOs) if they are going to defend their
employers’ business interests from cyberattacks.
To support the development of such careers, EC-Council, a professional association for e-busi-
ness and security professionals, has added a Master of Security Science program to its EC-Council
University training curriculum. e program covers cyberlaw, disaster recovery, e-business secu-
rity, IT security project management, as well as security for Linux, networks, programming, and
wireless installations. e students in this master’s program already possess undergraduate degrees
in computer science or IT security. e University aims to create a new front line of CSOs and
Chapter 8 Learning Track 1 3
continued
Professional security certification is definitely high on the list for employers with IT security jobs
to fill. One tool that hiring managers have at their disposal is the Certified Information Systems
TABLE 1 The Ten Domains of Security
Domain Key Topics
Access Control Systems & Methodology Preventive, detective, and corrective access control, identification,
and authentication
Applications & Systems Development Key security issues at each phase of the software development cycle.
Physical Security Identifying threats and vulnerabilities in the information system’s envi-
ronment; protecting the system from threats.
Security Architecture & Models Configuring security for specific information systems; models: access
control, integrity, and information flow.
Security Management Practices Key concepts, controls, and definitions for security practices, including
the confidentiality, integrity, and availability triad (CIA), risk analysis,
classification of data, documentation, and awareness.
Telecommunications, Network, and
Internet Security
Network structures, communication methods, data transport proto-
cols, network and transmission security.
e prerequisites for applying to take the CISSP exam are stringent. To be eligible for the exam,
applicants must commit to the (ISC)2 Code of Ethics and have at least five years of “direct full-
Chapter 8 Learning Track 1 4
continued
e fee for the CISSP exam is $499 for early registration and $599 for standard registration (within
16 days of the exam). Passing scores generally fall in the 70%-80% range, and fewer than 8 percent
of exam takers score above 85% due to the expanse of knowledge covered on the exam.
Once a candidate for certification passes the exam, he or she must have the application endorsed by
TABLE 2 Security Certications
ORGANIZATION CERTIFICATIONS
CWNP Wireless#, CWNA, CWNE, CWSP
Check Point CCSA, CCSE, CCMSE
In the field, and certification notwithstanding, Paul Pescitelli recommends that job applicants have
competence in at least two of the ten domains. Moreover, a successful job applicant often must
combine IT expertise as it relates to a particular job or employer with a deep comprehension of
security technology and practices.
Of course, if you are in college or graduate school now, you are a number of years of study and
Chapter 8 Learning Track 1 5
continued
TABLE 3 Example IT Degrees
Institution Type Degree
DeVry University Undergraduate Bachelor’s degree in Business Administration with a
major/concentration in Security Management
RIT Undergraduate Bachelor of Science in Information Security and
Forensics
As you can see, the options for pursuing a degree in information security are quite diverse. If you
are not currently able to redirect your education to an institution that offers an information secu-
rity, you can start preparing now by examining the curriculum of your own school. Make it a prior-
ity to enroll in courses that are in concert with the typical curriculum of an information security
degree program. Some typical courses you might consider are:
◆ Introduction to System Administration
◆ Introduction to Programming
An information security curriculum may also contain courses in other disciplines such as English,
Economics, Psychology, Accounting, and Statistics.
Chapter 8 Learning Track 1 6
continued
careful they are with their company-issued devices. 44 percent of respondents reported opening
e-mail and file attachments from unfamiliar or suspicious senders. 33 percent had hijacked a neigh-
bor’s wireless connection or used a public hotspot with no knowledge of its security. 73 percent
admitted to sometimes being unaware of security threats and best practices for working on mobile
e following table displays a sample of security positions and their related salary ranges.
TABLE 4 Example IT Degrees
Position 2012 Salary Range
Chief Security Officer $97,500 – $141,100
Senior IT Auditor $81,500 – $107,000
If you are searching for a job in IT security, you may also want to search for variations of some
of the above job titles, such as: IT Security Engineer, Information Security Specialist, IT Security
Manager, Security Architect, and IT Security Consultant. Of course, job titles and salary ranges
are only part of the story. You will also need to consider the responsibilities that accompany each of
these jobs:
◆ Chief Security Ocer: e CSO is a high-level executive who reports directly to the CEO,
CIO, COO, or CFO. e person in this position takes the lead on all matters related to setting
and implementing security standards for the company. e CSO is charged with protecting all
Chapter 8 Learning Track 1 7
◆ Data Security Analyst: A data security analyst protects the firm’s data from threats, such as
theft, fraud, vandalism, and unauthorized access. is position supports applications, oper–
◆ Systems Security Administrator: e person in this position performs risk management
tasks on a firm’s computers and network. e duties of a systems security administrator
◆ Network Security Administrator: A network security administrator establishes and imple-
ments authorization policies for access to company resources on the network by assigning
e IT security job market promises to remain strong for years to come. ere are about 300,000
employees in the U.S. information security field. at number is expected to rise by 22 percent
looking out to 2020 according to the Bureau of Labor Statistics. In addition to the overwhelming