The function of the security consultant is to advise the company on the security policy and the most appropriate systems to apply. He is in charge of carrying out an analysis of the risks on the assets associated with the people in the company he advises (for example, possible losses of assets or illegal actions of the staff), so that they can act in the event of a problem with the solution best suited to the needs and resources of the company. It is a generic occupation that can create more jobs if the professional specializes well in a specific job or sector.
Chores
It should be noted that each of these tasks can become a specialty of the consultant and its own professional profile.
Identify the strengths and weaknesses of the company in terms of security. Knowing how the company works requires an analysis of the organization and the identification of the needs and gaps it has, both in the general field and in the security aspect.
Identify the risks and threats that can pose losses to the organization. Based on knowledge of the organization and the environment, it establishes the risks that may pose a danger to the organization.
Advises in the definition of the security policy of the company. It helps the company management to define the security policy to be followed in accordance with the characteristics of the organization and the regulations that must be met.
He plans security systems that will later be implemented and maintained by himself or by specialists and technicians. Define which are the best security systems, depending on the needs and resources of the company.
Verify the system once it is implanted. Once the security system is installed, check that it is working properly and that it is being used properly.
Inspects existing security systems. It evaluates the systems that are already installed to assess whether they are adequate to the current needs of the company, that is, if the system covers the current risks that the company may suffer. It is important to carry out inspections, since companies are dynamic and over time a security system can become obsolete or not meet the needs.
Verify the quality of a security system, according to the needs and characteristics of the organization. This work is closely related to inspection. A security system not only has to respond to the needs of the moment, but it also has to respond with quality, for example, an alarm system cannot generate false alarms continuously, since it has very harmful effects.
As an external consultant, he prepares, coordinates and streamlines the development and execution of crisis plans.
It clarifies and defines the objectives to be achieved in each risk and measure applied.
It informs about the ideal criteria for controlling the company's information, tabulating the appropriate distribution levels and advising on the best distribution channels.
Perform congruence analysis on security projects and applications.
Collaborates in the definition and implementation of continuity and disaster recovery systems.
Participate in the definition of desirable profiles in the hiring of strategic business personnel.
Conduct safety studies on specific topics. It develops specific studies or investigations that it can receive to analyze a specific or specific situation that the company has to solve. For example, you can do a one-off analysis on the illicit use of computers by someone on your staff.
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου