Abstract
In all 21st century companies and organizations, human component is the main resource with which one counts, since their development and success will largely depend on it. In securing information activities, the human component becomes a strategic element, as those responsible for its management must know in detail the business model, vision, shared values and strategy. These elements, in addition to an applied organizational style model, will allow a business ISMS to achieve the objectives set. Under this premise, a methodology was applied based on the theory of a 20-step selection process developed by Martha Alles, who summarizes the identification, evaluation, selection, hiring and incorporation of suitable staff, allowing to identify the Business Information Security Officer, as suggested by the ECU@Risk methodology. For this purpose, we analyze the main components that make up the recruitment, evaluation, selection and hiring process. The controls to the fulfillment of the corporate goals, the strategic planning and the models of structure and business culture.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Crespo, E.: ECU@Risk. Cuenca, Azuay (2017)
Gómez, A.: Enciclopedia de la seguridad informática. Alfa-Omega, México (2011)
Serrano, M., Pinos, M.: Propuesta metodológica para la selección de cargos críticos. Caso aplicado: TUBERÍA GALVANIZADA S.A. (TUGALT). Universidad del Azuay, Cuenca, Azuay (2018)
Alles, M.: Selección por Competencias. Granica, Buenos Aires (2017)
Crespo-Martínez, E.: Metodología de Seguridad de la Información para la gestión del Riesgo Informático aplicable a MPYMES. [Art]. Universidad de Cuenca (2016)
Oz, E.: Administración de los sistemas de información. Cengage Learning, Mason (2008)
Rue, L., Byars, L.: Administración, teoría y aplicaciones. Alfaomega, México D.F. (2006)
Caicedo, V., Acosta, A.: La gestión del talento humano y el ser humano como sujeto de desarrollo. Revista Politécnica, no. 14, pp. 105–113 (2012)
Dessler, G., Valera, R.: Administración de Recursos Humanos. Enfoque latinoamericano, Pearson (2009)
Mahajan, R.: Administración de TI: Administración de TI en una recesión, sugerencias para la permanencia. https://technet.microsoft.com/es-es/library/ff956121.aspx
ISACA: Un Marco de Negocio para el Gobierno y la Gestión de las TI de la Empresa. ISACA® Framework, Madrid (2012)
Ruano, J.: La selección de personal en las nuevas organizaciones: Externa vs Interna. Universidad de Valladolid, Nuevas tendencias (2014)
Chiavenato, I.: Administración de Recursos Humanos. McGraw-Hill, Colombia (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Crespo-Martinez, P.E. (2020). Selecting the Business Information Security Officer with ECU@Risk and the Critical Role Model. In: Kantola, J., Nazir, S. (eds) Advances in Human Factors, Business Management and Leadership. AHFE 2019. Advances in Intelligent Systems and Computing, vol 961. Springer, Cham. https://doi.org/10.1007/978-3-030-20154-8_34
Download citation
DOI: https://doi.org/10.1007/978-3-030-20154-8_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20153-1
Online ISBN: 978-3-030-20154-8
eBook Packages: EngineeringEngineering (R0)