Getting to Know IWC


Since the ISSO is new to IWC and the widget industry, the ISSO will, in the first week of employment, walk around the entire company, see how widgets are made and what processes are used to make them, and watch the process from beginning to end.

The ISSO wants to know as much as possible about the company. It is very important that the ISSO understand its inner workings. In fact, the ISSO, as an ISSO position applicant, researched and studied all available information about IWC and the widget industry before being interviewed and subsequently hired. Such knowledge proved very useful in the ISSO job interview process (see Chapter 16).

It is unfortunate, but many new ISSOs sit through the general in-briefing given to new employees and learn some general information about the company. They then go to their offices and start working, and they may not see how the company actually operates or makes widgets. They seldom see or meet the other people who have a role to play in hands-on protection of the information and information systems—IWC's most vital assets, second only to the employees. These people include the people using automated systems on the factory floor, human resources personnel, quality control personnel, auditors, procurement personnel, contract personnel, in-house subcontractors, and other non-IWC employees.

When asked why they don't walk around the plant or understand the company processes, the normal reply from an ISSO is: "I don't have the time. I'm too busy 'putting out fires'!" The answer to that dilemma is to take a time management course, manage your time better, and make the time! An ISSO can't provide a successful and cost-effective service- and support-oriented CIAPP if there is no understanding of the company, its culture, and how its products are made. If you want to spend your time "putting out fires," do it right and join the fire department—because you won't be a successful ISSO!

The ISSO should know:

  • How the manufacturing processes operate;

  • How manufacturing is supported by other company elements;

  • How employees use IWC information and information systems;

  • The problems they are having doing their jobs because of asset protection—InfoSec—constraints; and

  • Whether or not they are even following the IWC asset protection policies and procedures related to IWC's sensitive information and information systems.

All the IWC assets protection policies and procedures neatly typed and placed in binders are ignored if they get in the way of employees doing their primary functions. The IWC ISSO must understand that one can't see this from the walled office or cubicle. The ISSO can only find this out by walking around the areas where the people are working and actually using IWC systems, and by talking to all levels of employees from corporate management to the system's custodians. In addition, the new ISSO should ensure that all members of the InfoSec staff do the same.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
