ABSTRACT

Information security professionals (ISPs) provide a number of services within the organizations that employ them. Certified ISPs are expected to be engaged in all the domains of the Security Common Body of Knowledge (CBK) (Table 16.1), demonstrating active expertise in a few and broad knowledge in the remainder. Some ISPs are more traditional, documenting policies and procedures, training users, implementing access control technologies, tracking network activities, or reviewing system logs for problems. Additionally, some provide expertise in resolving internal information security incidents or conducting recovery tasks in the event of serious interruptions to organizational services. It is rare that an ISP will have the opportunity to initiate the security planning process in an organization; e.g., in the case of a new, startup organization. Most enter into an existing information security structure and adapt to the processes, offering modifications as circumstances demand.