Introduction


The saying "Ya gotta have a plan" definitely applies to successfully accomplishing the duties and responsibilities of an ISSO. Without strategic, tactical, and annual plans, the ISSO would be spending all of every day running from crisis to crisis and haphazardly trying to protect information and information systems for IWC. In addition, these plans are the cost-effective method of providing a secure information environment for IWC.

There will always be crises to contend with; however, most crises can be planned for so that when they occur, an emergency plan can be implemented. The plan will provide at least guidance and an outline of what to do—not only what to do, but when and how to do it rapidly and effectively. Let's face it: Most crises can be identified, and we are already accustomed to doing so through our disaster recovery and contingency planning for such events as fires, typhoons, and earthquakes. We should do the same for other events that would be classified as an emergency, such as, but of course not limited to, the following:

  • Web site attack and defacement;

  • Denial of service attack;

  • Worm or virus attack; and

  • Other malicious attacks or accidents.

As an ISSO, when you learn of a new type of attack, check your emergency-contingency plans and determine whether the latest type of attack would be addressed by one of those plans. If so, great! If not, then it's time to develop another plan or update a current plan. By the way, as you should already know:

  • These plans must be developed with input from various departments such as auditors, legal, and IT in a project team environment;

  • They must be kept current; and

  • They must be tested often to ensure that the identified emergency response team is trained and can operate effectively and efficiently.

As with the Corporate Information Assets Protection Program (CIAPP), all plans should be placed online with read access for all employees. It will also be easier to keep the plans current, and through the intranet Web site or through e-mail, everyone can be notified of the changes to the plans. The ISSO should also have a project to ensure that information and systems protection policies and procedures are kept online for read access by all employees. The ISSO should consider, as much as possible, having a paperless CIAPP and InfoSec organization.

At IWC, all information and systems protection plans are considered subsets of the CIAPP, as are all projects that are used to build the secure information environment.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
Year: 2002
Pages: 204
