Summary


Evaluations and analyses of the entire CIAPP and InfoSec organization help maintain a proactive and current protected-information environment. The ISSO should remember the following points:

  • It is a good idea to evaluate the entire CIAPP and InfoSec functions on an annual basis.

  • The evaluation should include all projects and LOEs.

  • Changes should be made where value is added in terms of cost decreases, productivity gains, or time savings.

  • Executive management should receive a clear, concise, business-oriented briefing on the state of the CIAPP and IWC's current protected information environment on at least an annual basis.

  • Metrics charts should be evaluated at least annually, then eliminated or modified as necessary.

  • Link analysis methodologies are useful in determining the success of an InfoSec Program.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
