It is crucial for an ISSO who is new to the corporation to evaluate the current InfoSec organizational structure, the staff, and their experience and education, and to ensure the organization is cost-effectively structured. The ISSO should consider the following points:
Establishing the proper InfoSec functions in the right priority order is vital to establishing the InfoSec organization and CIAPP baseline.
The InfoSec functional processes should generally follow the function descriptions noted in the ISSO's charter of responsibilities.
Establishing a process to determine the categories of information identified by the general value of that information would assist in the development of a cost-effective CIAPP.
Functions and processes should be developed based on requirements, such as laws and regulations.
Flowcharts should be developed to help visualize the linkage between requirements; plans; vision, mission, and quality statements; policies; processes; and functions.
Note: Additional information on matters contained in this chapter is available on the Web site: http://www.shockwavewriters.com. Click on "Books," this book's cover icon, and then Chapter 8.