|
Based on what you have read, consider the following questions and how you would reply to them:
Does your corporation have government contracts?
Do you have responsibility for an InfoSec program for the government information and/or systems used on the government contracts?
If not, why not?
Are you in communication with the government customers' security focal point to ensure that you are meeting the customers' security needs?
Have you been delegated customer-approval authority to approve systems processing government-agency customer information?
If so, what are the pros and cons of such a responsibility?
Are the InfoSec programs used for your government customers always meeting the contractual requirements?
Do your government customers conduct compliance inspection of your systems, processes, documentation, and the like?
If deficiencies were noted, do you not only fix the problems, but also install processes so that they will not happen again?
What are you doing to assist in attracting new government customers?
If nothing, why not?
If you could help attract new government customers, how would you go about doing it?
|