Summary


It is crucial for an ISSO who is new to the corporation to evaluate the current InfoSec organizational structure, the staff, and their experience and education, and to ensure that the organization is cost-effectively structured. The ISSO should consider the following points:

  • Establishing the proper InfoSec functions in the right priority order is vital to establishing the InfoSec organization and CIAPP baseline.

  • The InfoSec functional processes should generally follow the function descriptions noted in the ISSO's charter of responsibilities.

  • Establishing a process to categorize information by its general value would assist in the development of a cost-effective CIAPP.

  • Functions and processes should be developed based on requirements, such as laws and regulations.

  • Flowcharts should be developed to help visualize the linkage between requirements; plans; vision, mission, and quality statements; policies; processes; and functions.

Note

Additional information on matters contained in this chapter is available on the Web site: http://www.shockwavewriters.com. Click on "Books," this book's cover icon, and then Chapter 8.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
