Human Factors in Security: The Role of Information Security Professionals within Organizations

Indira R. Guzman (TUI University, USA), Kathryn Stam (SUNY Institute of Technology, USA), Shaveta Hans (TUI University, USA) and Carole Angolano (TUI University, USA)
DOI: 10.4018/978-1-60566-326-5.ch009


The goal of our study is to contribute to a better understanding of role conflict, skill expectations, and the value of information technology (IT) security professionals in organizations. Previous literature has focused primarily on the role of information professionals in general but has not evaluated the specific role expectations and skills required by IT security professionals in today’s organizations. In this chapter, we take into consideration the internal and external factors that affect the security infrastructure of an organization and therefore influence the role expectations and skills required by those who are in charge of the security of network infrastructures in organizations. First, we describe the factors discussed in the literature and support them with quotes gathered from interviews conducted with information security professionals in small organizations in Central New York. Then, we present a set of common themes that expand the understanding of this role and finally we provide practical recommendations that would facilitate the management of these professionals within organizations.
Chapter Preview


Research in the area of information systems has acknowledged that information technology human capital is a strategic resource within organizations and that its “effective management represents a significant organizational capacity” (Ferratt, Agarwal, Brown and Moore, 2005, p. 237). Most of the research done on human resources management (HRM) within the field of information systems has focused on the role of information technology professionals in general, but little research has been conducted about the role of a more specific group, the information technology security professional. In this book chapter, we will discuss the role, challenges and opportunities of this particular type of job within organizations.

In previous research, Information Technology (IT) professionals in general have been defined as a diverse group of workers trained formally or informally and engaged primarily in the following activities related to information and communication technology systems, components, or applications: conception, selection, acquisition, design, development, adaptation, implementation, deployment, training/education, support, management and documentation (Kaarst-Brown and Guzman, 2005). IT professionals have direct responsibility for the quality of the information available to decision-makers (Prior, Rogerson, and Fairweather, 2002). As organizations become more strategically reliant upon information systems, the management, recruitment and retention of IT professionals have an increasingly significant impact on the future of their companies. To address these increasing HRM challenges, research has been conducted to improve understanding of the roles and skill requirements of the IT professional. Likewise, it is also important to understand the role of IT security professionals, because their position within organizations is crucial and comes with a set of specific challenges that shape this role. In this chapter, we summarize the range of factors that influence the role expectations of IT security professionals, the skills they need in order to secure the network infrastructure of an organization effectively, and the challenges and satisfactions these professionals face in fulfilling this vocation.
