Working in information security can, without doubt, at times prove extremely stressful. Sometimes it seems you have so many things to keep track of, the task can feel almost impossible.
Deadlines. A server that won’t install an update. A missing iPhone, iPad or laptop. A zero-day exploit to which your system is vulnerable. An employee, recently poached by the competition, with full access to client lists and recent work – all potentially stressful situations.
As an information security worker, you are likely to encounter all of these stressful problems at one point or another. You, after all, are the gatekeeper, the person charged with the task of protecting the vital work which your company does, of ensuring access is given to the people who should have it, and denied to the people who should not. When it comes to your company's valuable and hard-earned intellectual property, you are the guardian of the realm, and often it can feel like quite a heavy responsibility.
With so much on your plate, how can you possibly cover all the potential problems, in a calm and managed way?
As with so many things in life, the answer often comes down to planning. As the saying goes, poor planning and preparation precede poor performance, and it is likely the fear of poor performance that is the stressful part of your job. But this is a fear you can mitigate almost entirely with the knowledge that you are well prepared: aware of the system which you manage, up to date with the latest developments in your field, and ready in the rare eventuality that things do go wrong.
Your first step on the path to taking control of the system is to perform a full and thorough information security audit of all software and hardware assets. If done correctly, this will bring you up to speed with exactly what assets you are responsible for, and you may be surprised how many creep in once mobile phones, iPads and remote web access to servers are taken into account. Once you know what you are looking after, you can prioritise the level of risk presented by each. Next, you can begin to think about how to control access, both authorised and otherwise, to each device and potential vector for system access, before finally ensuring that each device is secure against vulnerabilities that nefarious outside sources could exploit. Once you have done this, a large part of your job is done – you have successfully secured your system against unauthorised access, and can begin to rest a little easier. From this point forward, you can focus on keeping your network secure, making sure the doors stay bolted and that you are up to date with any new developments in terms of security flaws that may expose a previously unrealised chink in your armour.
With a properly controlled system that you are confident is secured against the latest threats, you can begin to relax and take a deeper look into areas you could improve. You have secured against the basics; now could be the time to explore further how efficient your system is, moving from being reactive to being proactive and enjoying your work.
Read more about stress in the infosec workplace in the new edition of Information Security Professional Magazine (page 22). The magazine is a benefit exclusively for (ISC)² members. You can earn CPEs by taking a quiz about the contents of the magazine. Follow this link to check it out: https://www.isc2.org/infosecurity_professional/default.aspx