Those working as an information security analyst greatly depend on social science research as well as social science principles. According to the Cybersecurity and Infrastructure Security Agency, this career “is responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security” (CISA) This job role relies on having a social science perspective in their work because they need to keep up with the current trends in cyber attacks and also must effectively communicate those potential threats to the company’s management. Information security professionals work directly with management in order to develop an effective security plan and the to determine the best ways to educate the company and protect against future system breaches.
Understanding the motives behind the cyber criminals who are attempting to breach their information systems is pertinent to developing a security policy that will protect against those breaches. By understanding these motives, they will be better prepared to build a system that is efficient in protecting against specific attacks revolving around how the potential threat may present itself or the objective of that criminal. They will be able to assign higher importance to certain areas of the company for security based on what may be at the most risk of being breached. Through the use of determinism, security analysts are able to draw conclusions founded on information they already have about possible breaches and use that to more accurately predict the most likely route in which a hacker may try to infiltrate the system. Determinism tells us that behaviors are caused or even just influenced by prior events. This knowledge allows for security analysts to understand what a cyber criminal is aiming for due to the route he took to get to where he is now.
Another main aspect of the security analyst’s job is to work closely with management so as to “make security recommendations, create best practices, and design disaster recovery plans” (Simmons, 2022). Through the use of empiricism, security analysts are able to effectively convey the needed information in a way that is easily understood by everyone, regardless of their technical knowledge. This helps them relate important cyber policies that will help to secure the company’s information systems and will also help to spread awareness of why these policies are in place. They will also take into consideration the human factors involved with implementing a security policy. By doing this, it promotes the success of that policy and will make it easier to use for all employees as well as simpler to understand and, therefore, more likely to be consistently used by everyone in the company.
Security analysts work closely with all levels of personnel to ensure that the company’s information and data are well protect as well as find ways to maintain a secure system to prevent against future attacks. Specifically, they regularly work alongside members of IT in order to construct a security policy and develop ways to implement it throughout the company. Information security analysts will “collaborate with software developers to improve current encryption programs or partner with database administrators to create stronger networks. Security analysts also work with company staff, educating them on new security measures” (computerscience.org, 2023). These peer networks are established and allow for a full integration of all the company’s resources so that they may be implemented to their fullest capabilities. By working together and forming an interdisciplinary dynamic to the security of the company, it provides them with a well-rounded and overall valuable resource that can be used to create and maintain the security policies that best suit the company’s needs. It’s through this collaborative work that information security analysts must excel, since it is their responsibility to form the cybersecurity culture within the organization.
Another part of a security analyst’s job is to ensure that the security policies they will be implementing are financially viable for the company. They must work towards a sustainable solution for cyber security policies so that the company can create a reasonable budget, while still providing the necessary security measures to protect their information. They’ll work closely with upper-level management to work out an agreement for a budget that doesn’t sacrifice the security of the organization. They will weigh the risks against the benefits and determine the best way to move forward for developing a security policy.
Ultimately, information security analysts greatly rely on their social networks in addition to social research to determine the needs of the company. By collaborating with others in the organization, they are then able to create a plan that is easy to use and ensures the success of the security policy that is put in place. By developing these human centered systems, it promotes the effectiveness of the cybersecurity policy. Economics is another crucial element of their job role. Without an adequate budget, the company’s security needs may fall short. Information security analysts play a huge part in establishing the cybersecurity culture of their organization.
References
Information security analyst. Code a New Career | ComputerScience.org. (2023, November 9). https://www.computerscience.org/careers/information-security-analyst/#:~:text=Information%20security%20analysts%20keep%20their,industries%20need%20information%20security%20analysts.
Systems security analyst: CISA. Cybersecurity and Infrastructure Security Agency CISA. (n.d.). https://www.cisa.gov/careers/work-rolessystems-security-analyst
Simmons, L. (2022, December 8). A day in the life of a security analyst. Explore Cybersecurity Degrees and Careers | CyberDegrees.org. https://cyberdegrees.org/careers/security-analyst/day-in-the-life/