IWC InfoSec Functions Process Development


The ISSO has learned that the development of a new CIAPP requires the establishment of InfoSec functions for that program. Establishing a process for each function, as the first task, will assist in ensuring that the functions will begin in a logical, systematic way that will lead to a cost-effective CIAPP.

Requirements Identification Function

As previously stated, the ISSO has determined that the driver for any CIAPP-related function is the set of requirements for that InfoSec function. The requirements are the reason the CIAPP exists. This need is further identified and defined, and is subsequently met, by establishing the InfoSec functions.

So, to begin the identification of each function's process, it is important to understand where the requirements—where the need—come from, seen from a slightly different perspective. [5] For IWC, the sources are as follows:

  • A need for an InfoSec program (CIAPP) as stated by the IWC executive management to protect IWC's competitive edge, which is based on information systems and the information that they store, process, display, and transmit;

  • Contractual requirements as specified in contracts with IWC customers, such as protecting customers' information;

  • Contractual requirements as specified in contracts with IWC subcontractors, such as protecting subcontractors' information;

  • Contractual requirements as specified in contracts with IWC vendors, such as protecting their information;

  • IWC's desire to protect its information and systems from unauthorized access by customers, subcontractors, and vendors; and

  • Federal, state, and local laws that are applicable to IWC, such as requirements to protect the privacy rights of individuals and corporations as they relate to the information stored, processed, and transmitted by IWC systems.

[5] You may find that this driver-requirement, CIAPP-InfoSec functions topic is redundant. Ideally it is, because by now it is becoming ingrained in your ISSO head that these are the basics every ISSO should know and use as the baseline for leading and managing an information and systems protection program for a company or government agency. I hope that after reading this book, certain basic philosophies, such as the fact that InfoSec is a parasite on the profits, will become an automatic part of any CIAPP type of program and of the InfoSec organizations you will lead and manage.
The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
Year: 2002
Pages: 204
