Section II: The Duties and Responsibilities of an ISSO

Chapter List

Chapter 5: The ISSO's Position, Duties, and Responsibilities

Chapter 6: The Infosec Strategic, Tactical, and Annual Plans

Chapter 7: Establishing a CIAPP and Infosec Organization

Chapter 8: Determining and Establishing InfoSec Functions

Chapter 9: Establishing a Metrics Management System

Chapter 10: Annual Reevaluation and Future Plans

Chapter 11: High-Technology Crimes Investigative Support

Chapter 12: InfoSec in the Interest of National Security

Part Overview

After gaining a basic understanding of the external world with all its many threats to information and information systems—all of which have a direct bearing on the ISSO and the ISSO's job—Section II provides a more internal, business focus on the world of the ISSO.

This section of the book provides a look at the duties and responsibilities of an ISSO employed at the International Widget Corporation (IWC).

Section II begins with the identification of the position, duties, and responsibilities of the IWC ISSO. It progresses through a discussion of:

• Establishing and managing a Corporate Information Assets Protection Program (CIAPP);

• Strategic, tactical, and annual InfoSec and business planning;

• Developing and managing an InfoSec organization and its functions;

• Measuring InfoSec costs, failures, and successes through metrics management;

• Supporting the IWC security department's investigative staff; and

• An overview of InfoSec in a nation-state's national security environment.