Introduction


Not long after the ISSO took over the job as the IWC ISSO, a meeting was held between the ISSO and the IWC Director of Security. At that time, an agreement was reached as to the ISSO's duties and responsibilities and those of the Director of Security. The Director of Security agreed that the ISSO's duties and responsibilities would conflict with those of the Security Department if the ISSO conducted any type of investigation. The Director of Security and the ISSO reached a compromise and agreed that any infractions of the CIAPP could be looked at by the ISSO as long as they related to noncompliance with the CIAPP, such as violation of automated information protection.

They both agreed:

  • To differentiate between an investigation and the ISSO's inquiries by having the ISSO call that function "noncompliance inquiries" (NCI) and focusing on the CIAPP infractions;

  • An information copy of each NCI was to be forwarded to the Director of Security;

  • The ISSO would provide technical and forensics support to the Security staff, when requested;

  • The Director of Security was the IWC focal point for law enforcement liaison activities, and any need to contact a law enforcement agency must be approved by the Director of Security, as well as others such as the IWC Public Relations staff and the IWC legal staff;

  • In the event the ISSO or members of the ISSO's staff were contacted for any requests by outside agencies for investigative assistance, that request must be coordinated with the Director of Security and others at IWC;

  • The ISSO's staff would provide in-house computer forensics training to the Security staff twice a year;

  • The Security staff would provide in-house training in assets protection and basic investigative techniques, such as how to conduct an interview, to the InfoSec staff twice a year; and

  • The Security staff would provide budget for computer forensics software to be used in support of Security investigations, on an as-needed basis.

After completion of the discussion by the ISSO, the Director of Security knew that the ISSO and the InfoSec organization under the CIO were where they should be. The complicated job and headaches of the ISSO relative to NCIs and the entire CIAPP matter were something that the Director did not want to be responsible for.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
