Sample ISSO Portfolio Outline


The following is a sample outline for an ISSO position. You can use it to build your own, personal portfolio. Even if you don't have all the experience needed, you can still explain how you would do the job if given the chance.

  • Table of Contents

  • Introduction

  • The ISSO Position and IWC Values

  • InfoSec Strategic Objective

  • InfoSec Tactical Objectives

  • InfoSec Transition Plan and the Future

  • Why I'm the Right ISSO for the IWC Position

  • Examples of a Proven ISSO Record Which Will Meet IWC's Expectations and Needs

I. Introduction

  • Purpose: To tell you about me, my InfoSec-related education and experience, and how I can establish and lead an InfoSec program for IWC based on a cost-effective philosophy providing InfoSec services and support to our internal and external customers. (Note: Remember, a good technique to use during the interview is to use "we" and "our" in your discussions. This will help the interviewers look at you as an IWC team member. Approach it as if you already worked at IWC and you were in an IWC meeting discussing InfoSec issues.)

  • Objective: To convince you that I am the most qualified—and best—person for the position of ISSO for IWC, and to show how we can establish a business-oriented InfoSec program for IWC.

II. The Position and IWC Values

  • Customers:

    Meet our customers' reasonable expectations.

    Show by examples that we are the best in the industry in meeting any of their InfoSec needs.

  • IWC:

    Establish and manage an InfoSec program that supports business needs and requirements.

    Strive for an InfoSec program that adds value to IWC products and services.

  • IWC Suppliers:

    Advise them so they can develop quality InfoSec products that meet IWC needs at a reasonable price.

    Assist them in understanding our InfoSec needs.

    Direct them to only bring InfoSec products that can be integrated into the IWC InfoSec program, cost-effectively, with minimal maintenance.

  • Quality:

    Establish and manage an InfoSec program that provides quality service and support to its internal and external customers.

    Provide that quality service and support with least impact to cost and schedules.

  • Integrity:

    Follow the rules, both the spirit and the intent.

    Always be honest.

    Demonstrate ethical conduct at all times.

  • Leadership:

    Set the example.

    Help others along.

III. Strategic Objective

Build a comprehensive InfoSec environment that supports the IWC's business needs at least cost, least impact to schedules, and minimum risks to IWC's business, information, and systems.

IV. Tactical Objectives

  1. Define detailed milestones for IWC's comprehensive InfoSec environment identified as the IWC strategic objective.

  2. Describe the current IWC InfoSec environment.

  3. Identify the difference between 1 and 2.

  4. Establish the Master Project and Schedule to meet the strategic, tactical, and annual objectives as integral parts of IWC's business plans.

V. Transition Plan and the Future

First Month

  • Week 1:

    1. Begin transition meetings with management to discuss expectations, goals, objectives, and budget.

    2. Begin familiarization with IWC processes and how systems are being used at IWC by all key departments.

    3. Begin review of IWC policies and procedures which relate to InfoSec.

    4. Establish appointments to meet with applicable department heads to discuss their ideas related to InfoSec, and how it may help or hinder their operations.

  • Week 2:

    1. One-on-one meetings with each department head.

    2. In-depth interviews with peers in InfoSec-related organizations.

    3. Begin defining the InfoSec level of effort required.

  • Week 3:

    1. Coordinate personnel and organizational issues with HR staff.

    2. Coordinate with internal customers.

  • Week 4:

    1. Finalize InfoSec plans, to include strategic, tactical, and annual.

    2. Begin recruitment and hiring as applicable.

    3. Continue coordination meetings with applicable peers and executive management.

  • Rest of the Year:

    Develop, implement, and manage InfoSec projects.

    Develop InfoSec metrics and manage the InfoSec program.

    Continue working InfoSec issues with the IWC InfoSec team.

    Continue evaluating potential InfoSec cost reductions based on cost-risk assessment methodology.

  • At year-end, analyze successes and failures; validate goals and objectives; and plan projects for the next year.

  • Continue to evaluate various InfoSec program processes; make changes where necessary to keep it a fresh, active, and viable program.

  • Next Year—2004

    Continue and refine from first-year goals.

    Increase/enhance skills of organization/staff.

    Ensure that IWC's InfoSec program becomes an integrated, value-added program.

VI. Why I'm the Right ISSO for the IWC Position

This section includes the highlights of your resume; a copy of the resume should also be inserted in this section. Remember, don't use a boilerplate resume. Tailor it for the IWC job based on the "advertised" IWC job description.

  • A bachelor's degree in InfoSec, which shows that I have the educational background to understand the academic and technical aspects of the profession.

  • An MBA, which shows that I have the business and management background to understand IWC from a business perspective.

  • Experience in supporting and providing services and support to similar customers.

  • Enjoy the trust and confidence of other professional ISSOs in both government agencies and business environments.

  • Detailed knowledge of all InfoSec-related federal and state laws and regulations. (Note: The ISSO should identify all federal and state laws that apply.)

  • A detailed knowledge of information systems, their threats, vulnerabilities, and associated risks.

  • Always enjoyed the trust and confidence of corporate management wherever I have been employed.

  • A proven InfoSec plan is already prepared, tailored for IWC and ready for implementation.

  • Previous experience in coordinating related activities with local District Attorney, FBI, local police, and Secret Service.

  • Experienced in InfoSec and management leadership roles, such as government standards, committees, and working groups.

VII. Examples of a Proven ISSO Record Which Will Meet IWC's Expectations and Needs

  • Functional Costs Averages (In this section, list all the information related to past budget, tracking, etc.)

  • Project Management (In this section, list samples of project management tracking, e.g., Gantt charts.)

  • Metrics Management (In this section, list the metrics you have developed or would use to manage InfoSec functions.)




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
