|
Once plans were in place, the ISSO could begin to develop an InfoSec organization to support the CIAPP. To do so, the ISSO must understand the following:
Establishing an effective and efficient InfoSec organization and program requires a detailed analysis and integration of all the information that has been learned through the entire process of becoming an ISSO at IWC.
Determining the need for InfoSec subordinate organizations requires detailed analysis of IWC's environment and an understanding of how to successfully apply resource allocation techniques to the InfoSec functions.
Once the need for InfoSec subordinate organizations is determined, the ISSO must determine what functions go in what organizations.
Establishing a formal InfoSec organization and InfoSec job family requires cooperation with Human Resources organizations and others; patience and understanding are mandatory.
An ISSO who establishes a new organization for a corporation will be compelled to live within a less than ideal corporate world where forms and bureaucracies rule the day. To survive, the ISSO must understand how to use those processes efficiently and effectively in order to succeed.
In most corporations, currently employed personnel who desire an InfoSec position, and who meet the minimum InfoSec requirements, must be hired before hiring an individual from the outside.
Recruiting qualified InfoSec professionals can only be accomplished through widespread recruitment effort, using many marketing media; and successful advertisement is sometimes a matter of how much recruitment budget is available.
|