|
After gaining a basic understanding of the external world with all its many threats to information and information systems—all of which have a direct bearing on the ISSO and the ISSO's job—Section II provides a more internal, business focus on the world of the ISSO.
This section of the book provides a look at the duties and responsibilities of an ISSO employed at the International Widget Corporation (IWC).
Section II begins with the identification of the position, duties, and responsibilities of the IWC ISSO. It progresses through a discussion of:
Establishing and managing a Corporate Information Assets Protection Program (CIAPP);
Strategic, tactical, and annual InfoSec and business planning;
Developing and managing an InfoSec organization and its functions;
Measuring InfoSec costs, failures, and successes through metrics management;
Supporting the IWC security department's investigative staff; and
An overview of InfoSec in a nation-state's national security environment.
|