Duties and Responsibilities of an ISSO in Deterring High-Technology Crimes


Although investigations at IWC are the purview of the Security staff, the ISSO and the Director of Security both knew that many such investigations, or noncompliance inquiries (NCIs), are high-technology-based, such as those involving microprocessors (computers). Therefore, the ISSO's staff would be active in supporting Security's anticrime program as part of Security's assets protection program for IWC. They both knew that the entire IWC assets protection program would be best served, that is, more effectively and efficiently accomplished, if the ISSO and the InfoSec functions reported to the Director of Security instead of to the CIO.

However, at IWC, as at many corporations, the Director of Security really did not want that responsibility, and politically, it was a difficult sell to executive management. Furthermore, the ISSO position, which now reports to the CIO, who reports to the CEO, would be downgraded: the ISSO would report to the Director of Security, who reports to the Vice President, Human Resources, who reports to the Corporate Office Executive Vice President, who reports to the CEO. The position would also mean less prestige, less money, and the inability to exercise management authority at a sufficiently high level.

However, the Director and ISSO agreed that a high-technology crime prevention program should be established at IWC as part of IWC's total assets protection program, which is led by the Director of Security. Therefore, the Director and ISSO decided to establish a project to provide such a program and ensure that it interfaced with the CIAPP. It was also agreed that a long-term goal would be to integrate the crime prevention, CIAPP, and IWC physical assets protection policies into an overall IWC Assets Protection Program under the authority of both the Director and ISSO using a matrix management approach.

The Director and ISSO agreed that the ISSO's approach to the CIAPP and related InfoSec functions was adaptable to the development of a high-technology crime prevention program. After that initial baseline was developed by the ISSO, the Director would integrate antitheft, antifraud, and other crime-related policies, procedures, and processes into the program and baseline it as part of the IWC assets protection program under the authority of the Director of Security.

They both agreed that the basic goal on which to build the IWC high-technology crime prevention program (HTCPP) is the development of a comprehensive high-technology crime prevention environment at the least cost and impact to IWC.

The Director and ISSO decided to categorize HTCPP investigations and NCIs so that they could more easily be analyzed and placed in a common database for analyses, such as of trends or of vulnerabilities in the processes that allow such incidents to occur. The ISSO agreed that the ISSO's organization would maintain the database, but the security staff would have input and read access. However, modifications, maintenance, upgrades, and deletions would be controlled by the ISSO to ensure that the integrity of the database was maintained. The initial categories agreed to by the Director and ISSO were:

  • Violations of laws (required by law to be reported to government investigative agency);

  • Unauthorized access;

  • Computer fraud;

  • Actions against users;

  • Actions against systems;

  • Interruption of services;

  • Tampering;

  • Misuse of information;

  • Theft of services;

  • Other crimes where computers were used:

    • Money laundering

    • Copyright violations

    • Intellectual property thefts

    • Mail fraud

    • Wire fraud

    • Pornography

  • Other crimes

  • Violators:

    • Internal

    • External

It was further agreed that these categories would be expanded based on analyses of investigations and noncompliance inquiries conducted to date.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
