The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program
It is crucial for an ISSO who is new to the corporation to evaluate the current InfoSec organizational structure, the staff, and their experience and education, and to ensure the organization is cost-effectively structured. The ISSO should consider the following points:
- Establishing the proper InfoSec functions in the right priority order is vital to establishing the InfoSec organization and CIAPP baseline.
- The InfoSec functional processes should generally follow the function descriptions noted in the ISSO's charter of responsibilities.
- Establishing a process to determine the categories of information identified by the general value of that information would assist in the development of a cost-effective CIAPP.
- Functions and processes should be developed based on requirements, such as laws and regulations.
- Flowcharts should be developed to help visualize the linkage between requirements; plans; vision, mission, and quality statements; policies; processes; and functions.

Note: Additional information on matters contained in this chapter is available on the Web site: http://www.shockwavewriters.com. Click on "Books," this book's cover icon, and then Chapter 8.