The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

As the ISSO and leader of a CIAPP service and support organization, you must be especially tuned to the needs, wants, and desires of your customers, both internal (those within the company) and external (those who are outside the company and are usually the company's customers).

To provide service and support to your external customers, you must:

• Identify their information protection needs;

• Meet their reasonable expectations;

• Show by example that you can meet their expectations;

• Treat customer satisfaction as priority 1;

• Encourage feedback and listen;

• Understand their needs and expectations;

• Treat customer requirements as an important part of the job;

• Establish measures to ensure customer satisfaction; and

• Provide honest feedback to customers.

To provide service and support to your internal customers, you must:

• Support their business needs;

• Add value to their services;

• Minimize security impact to current processes; and

• Follow the same guidelines as for external customers.

As the IWC ISSO, you will also be dealing with suppliers of CIAPP products. These suppliers or vendors are valuable allies because they can explain to you the many new CIAPP-related problems being discovered, and how their products mitigate those problems. In addition, they can keep you up-to-date on the latest news within the ISSO profession and about the latest InfoSec tools available. Furthermore, you can make yourself available to beta test new InfoSec products and provide feedback so the final products will meet your needs.

In dealing with suppliers of CIAPP-related products, you should do the following ^[2]:

• Advise them of your needs and what types of products can help you.

• Assist them in understanding your requirements and products that you want from them, including what modifications they must make to their products before you are willing to purchase them.

• Direct them in the support and assistance they are to provide you.

• Respect them as team members.

• Value their contributions.

• Require quality products and high standards of performance from them.

• Recognize their needs also.

^[2]We will also discuss cost-effective ways to keep current in the ISSO profession in a later chapter. This is another way of doing it.