Two basic processes that are integral to a CIAPP are project management and risk management.
As the CIAPP manager and leader for IWC, you will also provide oversight of CIAPP-related projects that members of your staff are working on.
The criteria for a project are as follows: Formal projects, along with project management charts, will be initiated where improvements or other changes will be accomplished and where that effort has an objective, has beginning and ending dates, and will take longer than 30 days to complete.
If the project will be accomplished in less than 30 days, a formal project management process is not needed. The rationale for this is that projects of short duration are not worth the cost (in terms of time needed to complete the project plan, charts, etc.) of such a formal process.
To be cost-effective, the ISSO must apply risk management concepts and identify:
Threats to the information and information systems of IWC;
Vulnerabilities (information systems' weaknesses);
Risks; and
Countermeasures to mitigate those risks in a cost-effective way.