ConvoCourses

Cyber Security Compliance and IT Jobs

Information security officer

July 2, 2014 by Bruce Brown Leave a Comment

Information security officer (also known as information system security officer, ISSO) is an important role in the risk management process. In fact, ISSOs are often the foot soldiers “charging the hill” throughout the entire risk management framework process (or sometimes, “ice skating uphill”).

The information system security officer role begins at the initiation phase of the System Development Life Cycle (SDLC). According to NIST SP 800-37, “The information system security officer is an individual responsible for ensuring that the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the information system owner”. In the legacy DIACAP days this role was called Information Assurance Officer (IAO). The ISSO position is created and managed by the Information System Security Manager (ISSM).


The information security officer is often expected to work across multiple security disciplines, including but not limited to technical, administrative and even physical security.

From a technical perspective, the ISSO can be tasked with continuous monitoring of threats, data loss prevention, and detecting and resolving vulnerabilities using tools such as security information and event management (SIEM) systems, vulnerability scanners, and anti-virus servers. They may assist the system administrators in implementing required security patches. They may have to review code for security flaws, help with initial security architectures, conduct incident handling, or perform any number of other technical security tasks.

The administrative “to do list” of an information security officer might include creating, editing or reviewing security policies. They may write standards, guidelines and best practices related to the security features of systems. Paperwork and policy in security require a LOT of meetings and coordination with other parts of an organization. The ISSO must be very good at dealing with technical subject matter experts and managers at every level, since they are often the one in the middle of everything.

Information security officers are sometimes in charge of making sure the physical security surrounding the information system is commensurate with the sensitivity of the information that needs to be protected. That means that if the information on the asset is classified, it may require MORE physical security than a system that processes public data on a web server. To do this, the ISSO will have to work with facility managers, security guard services and even building developers (in some cases). They may also have to handle cryptographic security.

The overall job of the ISSO is to maintain the security posture and security baseline of the system. For this reason they often wear many hats.

Filed Under: Risk Management For DoD IT, roles Tagged With: Information security officer, information system security officer, ISSO
