Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.

Also Known As: Computer Security Specialist, Computer Specialist, Data Security Administrator, Information Security Analyst, Information Security Manager, Information Security Officer, Information Security Specialist, Information Systems Security Analyst, Information Technology Security Analyst, Information Technology Specialist

Daily Tasks / Routine Activities

1. Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.

2. Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.

3. Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.

4. Monitor use of data files and regulate access to safeguard information in computer files.

5. Monitor current reports of computer viruses to determine when to update virus protection systems.

6. Modify computer security files to incorporate new software, correct errors, or change individual access status.

7. Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.

8. Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.

9. Train users and promote security awareness to ensure system security and to improve server and network efficiency.

10. Coordinate implementation of computer system plan with establishment personnel and outside vendors.

Information security analysts must continually adapt to stay a step ahead of cyberattackers. They must stay up to date on the latest methods attackers are using to infiltrate computer systems and on IT security. Analysts need to research new security technology to decide what will most effectively protect their organization. This may involve attending cybersecurity conferences to hear firsthand accounts of other professionals who have experienced new types of attacks.

IT security analysts are heavily involved with creating their organization’s disaster recovery plan, a procedure that IT employees follow in case of emergency. The plan lets an organization’s IT department continue functioning. It includes preventative measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.

Because information security is important, these workers usually report directly to upper management. Many information security analysts work with an organization’s computer and information systems manager or chief technology officer (CTO) to design security or disaster recovery systems.

Work Activites

Interacting With Computers — Using computers and computer systems (including hardware and software) to program, write software, set up functions, enter data, or process information.

Analyzing Data or Information — Identifying the underlying principles, reasons, or facts of information by breaking down information or data into separate parts.

Getting Information — Observing, receiving, and otherwise obtaining information from all relevant sources.

Making Decisions and Solving Problems — Analyzing information and evaluating results to choose the best solution and solve problems.

Processing Information — Compiling, coding, categorizing, calculating, tabulating, auditing, or verifying information or data.

Updating and Using Relevant Knowledge — Keeping up-to-date technically and applying new knowledge to your job.

Communicating with Supervisors, Peers, or Subordinates — Providing information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person.

Provide Consultation and Advice to Others — Providing guidance and expert advice to management or other groups on technical, systems-, or process-related topics.

Evaluating Information to Determine Compliance with Standards — Using relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards.

Thinking Creatively — Developing, designing, or creating new applications, ideas, relationships, systems, or products, including artistic contributions.

Developing Objectives and Strategies — Establishing long-range objectives and specifying the strategies and actions to achieve them.

Organizing, Planning, and Prioritizing Work — Developing specific goals and plans to prioritize, organize, and accomplish your work.

Coordinating the Work and Activities of Others — Getting members of a group to work together to accomplish tasks.

Key Knowledge Areas

Computers and Electronics — Knowledge of circuit boards, processors, chips, electronic equipment, and computer hardware and software, including applications and programming.

English Language — Knowledge of the structure and content of the English language including the meaning and spelling of words, rules of composition, and grammar.

Telecommunications — Knowledge of transmission, broadcasting, switching, control, and operation of telecommunications systems.

Mathematics — Knowledge of arithmetic, algebra, geometry, calculus, statistics, and their applications.

Engineering and Technology — Knowledge of the practical application of engineering science and technology. This includes applying principles, techniques, procedures, and equipment to the design and production of various goods and services.

Important Qualities /Top Skills

Analytical skills. Information security analysts must carefully study computer systems and networks and investigate any irregularities to determine if the networks have been compromised.

Detail oriented. Because cyberattacks can be difficult to detect, information security analysts pay careful attention to their computer systems and watch for minor changes in performance.

Ingenuity. Information security analysts try to outthink cybercriminals and invent new ways to protect their organization’s computer systems and networks.

Problem-solving skills. Information security analysts uncover and fix flaws in computer systems and networks.