
ConvoCourses

Cyber Security Compliance and IT Jobs


Information security officer

July 2, 2014 by Bruce Brown Leave a Comment

Information security officer (aka information system security officer, ISSO) is an important role in the risk management process. In fact, they are often the foot soldiers “charging the hill” during the entire risk management framework process (or sometimes, “ice skating uphill”).

The information system security officer role begins in the initial phase of the System Development Life Cycle (SDLC). According to NIST SP 800-37, “The information system security officer is an individual responsible for ensuring that the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the information system owner”. In the legacy DIACAP days this role was called the Information Assurance Officer (IAO). The ISSO position is established and managed by the Information System Security Manager (ISSM).


The information security officer is often expected to work across multiple security disciplines, including but not limited to technical, administrative and even physical security.

From a technical perspective, the ISSO can be tasked with continuous monitoring of threats, data loss prevention, and detecting and resolving vulnerabilities using tools like security information and event managers (SIEM), vulnerability scanners, and anti-virus servers. They may assist the system administrators in implementing required security patches. They may have to review code for security flaws, help with initial security architectures, conduct incident handling or any number of other technical security tasks.

The administrative “to do list” of an information security officer might include creating, editing or reviewing security policies. They may write standards, guidelines and best practices related to the security features of systems. Paperwork and policy in security require a LOT of meetings and coordination with other parts of an organization. The ISSO must be very good at dealing with technical subject matter experts and managers at every level, since they are often the one in the middle of everything.

Information security officers are sometimes in charge of making sure the physical security surrounding the information system is commensurate with the sensitivity of the information that needs to be protected. That means that if the information on the asset is classified, it may need MORE physical security than a system that serves public data from a web server. To do this, the ISSO will have to work with facility managers, security guard services and even building developers (in some cases). They may also have to handle cryptographic security.

The overall job of the ISSO is to maintain the security posture and security baseline of the system. For this reason they often wear many hats.

Filed Under: Risk Management For DoD IT, roles Tagged With: Information security officer, information system security officer, ISSO
