The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
|
The Appointment of the Defense Industry-Related Corporation's Focal Point for Infosec
Gaining approval to process, store, display, and transmit national security information usually requires the approval of the government customer security officer. As with any such process, documentation is required on which to base that approval. The types, format, and specific requirements will vary depending on the customer and the classification of the information, such as Top Secret, Secret, or Confidential.
This InfoSec-related document usually requires that the defense-industry-related corporation (in this case, the ISSO) appoint a focal point with the responsibility for ensuring the national security information is protected in accordance with the contract and applicable related laws, regulations, and other provisions as specified by the government customer.
The responsibilities of the IWC ISSO[4] include:
-
Directing the InfoSec program for the contract;
-
Ensuring that the personal clearance and NTK of users is in place and enforced;
-
Ensuring that the users receive national security briefings and training;
-
Ensuring audit trails are in place and audit records reviewed in a timely manner;
-
Ensuring the AIS is operating as approved by the government customer;
-
Ensuring that any InfoSec-related problems are promptly handled; and
-
Designating InfoSec custodians for each AIS who are responsible for the day-to-day InfoSec program for the specified AIS.
[4]The individual appointed may have a title other than InfoSec, depending on the government customer, nation-state, or defense-industry-related corporation. That person may be known as the Corporate InfoSec Officer, the Corporate Information Security Officer, the Widget Program InfoSec Officer, etc. Furthermore, the need for documentation, type, etc., will vary not only by nation but also by government agencies within a nation.
|