Selecting the Business Information Security Officer with ECU@Risk and the Critical Role Model

In all 21^st century companies and organizations, human component is the main resource with which one counts, since their development and success will largely depend on it. In securing information activities, the human component becomes a strategic element, as those responsible for its management must know in detail the business model, vision, shared values and strategy. These elements, in addition to an applied organizational style model, will allow a business ISMS to achieve the objectives set. Under this premise, a methodology was applied based on the theory of a 20-step selection process developed by Martha Alles, who summarizes the identification, evaluation, selection, hiring and incorporation of suitable staff, allowing to identify the Business Information Security Officer, as suggested by the ECU@Risk methodology. For this purpose, we analyze the main components that make up the recruitment, evaluation, selection and hiring process. The controls to the fulfillment of the corporate goals, the strategic planning and the models of structure and business culture.