Understanding key skills for information security managers

Information security management is a necessity for all institutions and enterprises that regard company information as valuable assets. Developing, auditing and managing information security depends upon professional expertise in order to achieve the desired information security governance. This research seeks the key skills required for the position of information security management as well as the methods to develop these skills through professional training programs. The study adopts the Delphi method which requires building a list of items through a literature survey and involves experts with certain expertise to modify the list until a consensus on less than 20% of the items is reached. Through completing three rounds of the Delphi technique - data collection, relevance voting and ranking - sixteen skills are shortlisted as the key skills. In the final list, the majority belong to core information security skills, and the top two skills belong to project/process management skills and risk management skills, indicating the importance of these skills for the information security manager role. In addition, a series of related professional training programs and certifications are surveyed, the outcome of which highlights a number of most comprehensive and appropriate programs to develop these determined skills.