Answer
A security administrator is a person who is solely responsible for controlling and coordinating the activities pertaining all security aspects of the organization.
A security administrator attempts to ensure that the facilities in which systems are developed, implemented, maintained and operated are safe from threats that affect the continuity of installation and or result in loss of security.
The security administrator sets policy, subject to board approval.
He also investigates, monitors, advises employees, counsels management on matters pertaining to security.
The security administrator is responsible for establishing the minimal fixed requirements for classification of information based on the physical, procedural and logical security elements. The need to protect these securities is also stressed, he assigns responsibilities to job classifications and formulates what to be done in case of exceptions.
The security administrator guides other information security administrators and users on the selection and application of security measures, he trains them for how to mark and handle processes, train security coordinators, select software security packages and solve problems.
The Security administrator also does the following:
Investigates all security violations.
Advises senior management on matters of information resource control.
Consults on matters of information security.
A security administrator also has the responsibility of conducting a security program, which is a series of ongoing, regular, periodic evaluations of the facilities available.
A security administrator has to consider an extensive list of possible threats to the organization, prepare an inventory of assets, evaluate the existing controls, implement new control, etc.
The security administrator requires the assistance of many individuals because of their expertise in that particular field. The auditor should see to that these steps are preformed on a regular basis, the
results of the reviews are analyzed and documented, and advises the management on appropriate action in light of the result