The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
As we begin this 21st century, an ISSO faces many more challenges than existed only a decade ago. The environment is faster, more technical, and much more challenging. The 21st-century ISSO must understand the global marketplace and the company's business environment much more than was necessary only a decade or so ago:
- ISSOs must understand their company's business, including its history, products, competition, plans, costs, and product value.
- ISSOs must understand business, management, and how to communicate with management in management's language—not in "computerese"!
- ISSOs must document major InfoSec decisions to provide a historical file that can be used in the future when considering similar situations.
- ISSOs must also think and act as business managers of the company.
- ISSOs must be service and support oriented.
Company managers must understand their assets protection responsibilities. That is especially important today, when information protection and crime prevention should be a major responsibility of every company manager. For it is only with that understanding, support, and action that companies can respond to attacks against them from competitors, nation-states, and techno-spies.