An information technology (IT) security specialist is responsible for the security of an organization's entire computer system and network and creates, implements and manages a thorough security plan. He or she performs various tests to locate vulnerabilities and threats that exist in the company's physical security, workstations and network devices and secures each threat using the appropriate tools. The specialist also is responsible for the company's disaster recovery plan and determines the best methods for backing up both physical and digital data. He or she also must educate users on important security processes.
Developing a security plan is an important aspect of an IT security specialist's job and involves reviewing industry security standards and applying them to the company's individual networking and computer systems. The process involves finding vulnerabilities through the use of penetration testing and vulnerability scanning and determining the impact each security breach could have on the company's infrastructure. After analyzing each risk, the IT security specialist can take action and fix any potential security breaches. He or she will then conduct regular audits and document findings to continuously improve the company's security.
IT security specialists use the security plan to improve network security, physical security, workstation security and server security. The process for securing networks may consist of implementing firewalls, manipulating existing firewall access rules, hardening the settings on network hardware devices, implementing Internet filters and installing devices that detect network intrusions. To improve physical security, the IT security specialist may implement surveillance cameras, alarms, door locks and guards to secure the building and physical hardware. Securing workstations and servers involves using encryption for storage devices; installing and managing virus protection, spam protection and spyware protection applications; installing updates and patches to operating systems and programs; and having a strong password policy.
Another important task of an IT security specialist is implementing a disaster prevention and recovery plan. The specialist's goal for disaster recovery is to be able to successfully restore data or complete systems in the least amount of time possible. Maintaining regular backups of individual systems to a central server, having a backup operational site and creating ghost copies of hard drives are three ways IT security specialists can help prepare for disasters. The specialist must test the backups and update them as needed, and backups may be stored offsite in case of a fire or flood. He or she also may write down system and networking settings or make copies of important paper documents to keep in an offsite location.