Summary


Once plans were in place, the ISSO could begin to develop an InfoSec organization to support the CIAPP. To do so, the ISSO must understand the following:

  • Establishing an effective and efficient InfoSec organization and program requires a detailed analysis and integration of all the information that has been learned through the entire process of becoming an ISSO at IWC.

  • Determining the need for InfoSec subordinate organizations requires detailed analysis of IWC's environment and an understanding of how to successfully apply resource allocation techniques to the InfoSec functions.

  • Once the need for InfoSec subordinate organizations is determined, the ISSO must determine what functions go in what organizations.

  • Establishing a formal InfoSec organization and InfoSec job family requires cooperation with Human Resources organizations and others; patience and understanding are mandatory.

  • An ISSO who establishes a new organization for a corporation will be compelled to live within a less-than-ideal corporate world where forms and bureaucracies rule the day. To succeed, the ISSO must understand how to use those processes efficiently and effectively.

  • In most corporations, currently employed personnel who desire an InfoSec position, and who meet the minimum InfoSec requirements, must be hired before hiring an individual from the outside.

  • Recruiting qualified InfoSec professionals can only be accomplished through a widespread recruitment effort using many marketing media, and successful advertisement is sometimes a matter of how much recruitment budget is available.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
