The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
Based on what you have read, consider the following questions and how you would reply to them:
- Does your corporation have government contracts?
- Do you have responsibility for an InfoSec program for the government information and/or systems used on the government contracts?
- If not, why not?
- Are you in communication with the government customers' security focal point to ensure that you are meeting the customers' security needs?
- Have you been delegated customer-approval authority to approve systems processing government-agency customer information?
- If so, what are the pros and cons of such a responsibility?
- Are the InfoSec programs used for your government customers always meeting the contractual requirements?
- Do your government customers conduct compliance inspection of your systems, processes, documentation, and the like?
- If deficiencies were noted, do you not only fix the problems, but also install processes so that they will not happen again?
- What are you doing to assist in attracting new government customers?
- If nothing, why not?
- If you could help attract new government customers, how would you go about doing it?