A company's most valuable asset is not the products it makes or the services it provides. It is the information it keeps. Protecting your company's information is vital to the continuance of your company and for the protection of your customers and clients. To protect that information, you need information assurance. Information assurance representatives are employees who are trained to protect company information and convey information only to those who need to know. If you do not have an information assurance rep, you should advertise for information assurance jobs. Then hire the most qualified employee based on the following.
Secure Transmission of Data
Ask your candidates about secure transmission of data. Supply them with your company's current model of secure transmission. Then request ideas and solutions of how your company could handle secure transmissions better and/or make them more secure. It helps to have members of your IT department sit in on the interview since information assurance takes a lot of its job tasks from this department.
Proprietary Information and Snooping
Ask the candidates about what they know about proprietary information. If they are handed documents or documents are transferred to them, are they likely to open and read them to see who the documents should go to, or will they just transfer them according to supervisor's instructions? The best answer the candidates can give should be one wherein they do not read the documents, but they do ask for confirmation of transfer to be sure that the sender and receiver are who they say they are.
Disaster Recovery and Protection
If your company resides in a region where extreme weather and/or natural disasters are common, you want to know how your information assurance rep will handle disaster recovery and protection of data. There are services that can be used for disaster recovery, including exporting files into the company Cloud until the building is secure and everything is up and running again. Protection of all files moved into the Cloud should include whatever measures the candidate thinks are best for your particular company (e.g., zipped files, double passwords, etc.).
Government compliance when necessary can help solve crimes. Your company still has the right to protect its information without revealing more than what government agencies require. Candidates for this position should be able to recite many of the government compliance regulations and how and when they might apply to your company.