The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

Based on what you have read, consider the following questions and how you would reply to them:

• Have you looked at the world in which your corporation does business?

• If so, what are the specific threats that you see which affect your IE assets protection functions now and in the future?

• Does your corporation have facilities in other nation-states?

• If so, what processes do you have in place to protect the IE assets in those nation-states?

• Do you follow political and social trends in the nation-states where your corporation does business?

• If so, do you have processes in place to analyze those trends for impact on the protection of your corporation's IE assets?

• Do you look at the future of high technology and analyze what protection mechanisms must also be ready for integration into those products when your corporation buys them?

• Are you aware of the vulnerabilities of the networks that are integrated or in some way attached to your corporation's networks?

• What can you do to ensure that vulnerabilities of the networks of others interfacing with your corporation's networks do not adversely affect your IE?

• Do you understand the culture and languages of those nation-states where your corporation has facilities?

• Do you understand the global marketplace and use that knowledge in developing your CIAPP?