ISSO

check out: http://convocourses.com
0:00 ISSO Therapy Session
14:38 Things to read for Risk Management Framework
23:37 How to Get a Security Clearance?
33:01 Do I Need a Prestigious University for Cybersecurity?
43:24 Why I don’t take calls as a mentor?
44:57 Advice for a new SCA (Security Control Assessor)
49:31 Cybersecurity Resume Tips for Security jobs

Podcast: Play in new window | Download

Separation of Duties with one person ISSO

April 1, 2021 by Leave a Comment

Separation of duties is an important security best practice. Separation of duties (SoD) is where an organization creates different roles for very important tasks. For example, a system administrator should not have the role of an auditor. The reason you separate these roles is because there is a conflict of interest where the system administrator auditing their own system will not be able to be completely objective when performing an assessment.

ISSO must Support the Team

March 31, 2021 by Leave a Comment

As an ISSO you are not Atlas holding up the the security of the entire organization. Instead you are part of a larger process. The risk management process and the organization as a whole abides by the process so the risk is managed by all. It is very stressful to try to take on all the responsibility and risk of the entire organization. It is also impossible for one person to absorb all that risk and run a successful organization with a great degree of confidence. The ISSO must be apart of the team and support the team.