The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program
Chapter List
- Chapter 5: The ISSO's Position, Duties, and Responsibilities
- Chapter 6: The Infosec Strategic, Tactical, and Annual Plans
- Chapter 7: Establishing a CIAPP and Infosec Organization
- Chapter 8: Determining and Establishing InfoSec Functions
- Chapter 9: Establishing a Metrics Management System
- Chapter 10: Annual Reevaluation and Future Plans
- Chapter 11: High-Technology Crimes Investigative Support
- Chapter 12: InfoSec in the Interest of National Security
Part Overview
After gaining a basic understanding of the external world with all its many threats to information and information systems—all of which have a direct bearing on the ISSO and the ISSO's job—Section II provides a more internal, business focus on the world of the ISSO.
This section of the book provides a look at the duties and responsibilities of an ISSO employed at the International Widget Corporation (IWC).
Section II begins with the identification of the position, duties, and responsibilities of the IWC ISSO. It progresses through a discussion of:
- Establishing and managing a Corporate Information Assets Protection Program (CIAPP);
- Strategic, tactical, and annual InfoSec and business planning;
- Developing and managing an InfoSec organization and its functions;
- Measuring InfoSec costs, failures, and successes through metrics management;
- Supporting the IWC security department's investigative staff; and
- An overview of InfoSec in a nation-state's national security environment.