A computer security investigator is an essential specialist for today's networked business. In a situation where all businesses, even the tiniest, use computing equipment and the Internet, the IT security investigator has a great deal to offer. He or she will be qualified in information security, and will tend to specialise in one or two sub-fields.
There are two general types of situation where a computer security investigator may be needed by a business.
Firstly, the IT security expert may be asked to investigate the firm's information security status, and make recommendations for improvement. This task is not necessarily linked to any particular security incident, and may simply form part of the relevant compliance requirements. This type of expert will be knowledgeable about official information security standards, and corporate governance regulations, and will also be experienced in performing audits of computer and information systems.
Secondly, the computer security investigator may be called in after an organisation has suffered an information security incident. In this case, after investigating the incident the IT security specialist may be called upon to advise on improving information security in general so as to avoid further such incidents. This kind of expert will be knowledgeable about relevant legislation and recent legal cases, and will also be able to advise on the forensic aspects of the situation.
The two situations require quite different skill-sets in the security expert. The first case requires a specialist who is qualified in the areas of audit and corporate governance as regards information security, and possibly also a track record in the actual management of computer security. The second case requires an expert who is qualified in the areas of computer-related legislation and possibly digital forensics, with experience of incident management as related to computer crime. It would be a mistake for a hiring manager to attempt to have one kind of specialist do the job of the other type, since the two sub-fields can be highly technical and require very different qualifications.
A computer security investigator will probably be brought in as a consultant for a relatively brief period, and for a well-defined project. This is because few companies are large enough to support a permanent staff of IT security specialists. This makes it all the more important for a firm to take time in choosing the right person as their information security investigator, since the success of the whole project will depend on this decision. But if the right choice is made, then many businesses will find that their computer security investigator provides them with an essential service that simply cannot be dispensed with.
Andrew Leith is a security consultant at commissum, a UK-based information security consultancy specialising in penetration testing, vulnerability assessment, ISO27001 consulting services, and security configuration of enterprise systems.