Introduction

The information environment of IWC is very dynamic and must be so in order for IWC to successfully compete in the fast-paced widget business in the global marketplace. Consequently, the world of the ISSO must also be very dynamic. The IWC ISSO must constantly be looking at where the IWC business is going and modify the CIAPP and InfoSec organization accordingly. The ISSO cannot sit back and think that the CIAPP is in place, the InfoSec organization is established, and everything is running smoothly—even when you think it is.

As IWC's ISSO you must be working everyday to provide effective and efficient service and support to IWC in the future. You must project ahead and look at potential new threats to IWC's information and systems and begin now to mitigate those future threats, such as cellular phones with installed digital cameras. The IWC ISSO, like all ISSOs, must establish proactive processes, as today's corporations depend too much on information and information systems to have those systems fail because the ISSO did not see the threat coming. Today's ISSOs must be proactive and not constantly reactive. Proactive processes are prepared to mitigate threats before they can occur—and it is cheaper than being reactive.

The ISSO must also reevaluate the CIAPP and have processes in place to constantly update it. In addition, all InfoSec functions must be reevaluated and updated as the need arises, but at least annually. The ISSO should lead an annual year-end review and analysis of the CIAPP and InfoSec functions. This is done so that the ISSOs can have some assurance that they are operating in the most effective and efficient way possible and needed changes are in place.