What Does an Information Security Officer Do?

I’d love to have this on my business card:

Luke Ahmed, Information Security Officer, CISSP

After reading page 14 of the new “Official (ISC)2 Guide to the CISSP CBK, Fourth Edition”, however, I found that information security officers have a high-pressure job!

What I learned from my Interview With An Information Security Officer is that the security officer was not the enemy. He was actually trying to find out more details about the SOC in order to perform his job, which is to make sure the company is ready for their ISO 27001 audit.

This actually helps me in the long run because I’d be working at an ISO 27001 certified company, which would lead to garnering more customers, and which ultimately keeps my job secure.

It also helped me personally as I was madly studying for the CISSP exam, and this real world experience on Information Security Governance and Risk Management was priceless!


For an information security officer it’s no longer about just protecting the company with a firewall or the latest anti-virus update. Their responsibilities now include the following:

Threat Protection

Terrorist attacks

A very real threat in this century

State sponsored hacking campaigns

Just as real as terrorist attacks


Hackers are passing the secretary and going straight for the C-level executives


More users are bringing in their own device to the corporate network

Insider threats

Whether accidental or with intent, insider threats are one of the biggest threats to a company



Domestic and international laws are created dynamically


A company must follow regulation in order to protect consumers, and themselves


Certifications such as ISO 27001, which can be crucial for a security business to thrive

Incident Response

Information security officers must create and manage incident response teams

Important to maintain proper chain of custody in case of a legal battle

In addition to all the responsibilities above, the information security officer must make sure that all their responsibilities align with the goals, objectives, mission, and culture of the company.

But it’s not over even after that!

Security officers must THEN take all their responsibilities, make sure they align with the company, and tell the executive team of everything that is going on for further approval!

Basically, if you want to be an information security officer, you better:

  • Have a passion for security

  • Articulate effectively

  • Get along with others

  • Stand up for yourself, and not be a push-over depending on your situation

  • Stay current on all the latest threats and counter-measures

Think you’re ready for the job?