Service, Support, and a Business Orientation


In any business, the ISSO must strive to balance management's and users' demands for "user friendly" systems with the requirements of InfoSec. After all, unless InfoSec can be proven to be "value-added," thus at least paying for itself, it is a parasite on profits, or at least adversely impacts budgets. This will be a factor to consider as you, the ISSO, establish the company's InfoSec processes, programs, plans, projects, budgets, etc.

Remember that the InfoSec program must be service and support oriented. This is of vital importance. The ISSO must understand that if the InfoSec program becomes too costly or outdated, or does not meet the service and support needs of the business or government agency, it will be discarded or ignored. Each of these possibilities will eventually lead to the dismissal of the ISSO. (Additional information on this will be discussed throughout this book.)

The dismissal of any ISSO affects all ISSOs. The ISSO profession is damaged, as is our professional credibility and our opportunities to protect vital information for our internal and external customers. It is difficult enough, even in today's environment, to "sell" an InfoSec program. It makes our jobs as ISSOs harder when one of us fails. The failure of an ISSO could be a lesson learned for all ISSOs. Learn not only from your own failures, but also from those of others.

Word of an ISSO's dismissal and failures does get around within the industry and government agencies, making it much more difficult for the ISSO's replacement to develop a professional InfoSec program. You may be that replacement.

As the ISSO, you must constantly update your InfoSec program and its processes. You must continuously look at changes in society and technology, plan for those changes, and be prepared to address InfoSec ramifications of the installation of new technology into the business before it is installed. You must implement InfoSec measures before someone can take advantage of a system vulnerability.

So far, ISSOs for the most part have been in a reactive mode, with little time to be proactive and put InfoSec defenses in place before they are needed! How to do that will be discussed in the following chapters.

The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
Year: 2002
Pages: 204