The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

Based on what you have read, consider the following questions and how you would reply to them:

• As an ISSO, do you think you have a role to play in IW?

• What do you think is the role of an ISSO in the "IT battlefield"?

• Does your CIAPP or related documents consider IW attacks?

• Do your plans consider what must be done to avoid collateral damage in the event of IW attacks against others?

• Can your systems determine whether attacks against it were IW attacks?

• Do you believe offensive IW is a good way to defend against IW attacks, for example, tracing the attacker back to his or her systems and unleashing malicious code against the attacker?

• Do you believe that some of the IW philosophies should be incorporated into your CIAPP, such as OPSEC, information operations?

• If not, why not?