1. Role and Responsibilities of an Information Security Officer (ISO)
Presented by Rosa Umbach
2. Guide for Role and Responsibilities
October 17, 2007, State Information Security Office
The Guide includes:
References policy requiring an ISO
Describes skills and abilities
Recommends training and certification
Identifies the Role and Responsibilities covering the 12 Components of an Effective Information Security Program
3. The ISO in State Government
All state agencies must designate an ISO to oversee the agency's compliance with information security requirements.
SAM Section 4841.1
SAM Section 4841.2
SAM Section 4845
4. Successful ISOs – Necessary Skills and Abilities
Strategic
  Agency’s program areas and business needs
  Keeping abreast of evolving technologies
Management and communication skills
  Effective communication, verbal and written
  Interact with critical staff
Technical Competence
  Knowledge and skills
  Understand how technical issues affect the business of the agency
5. Training and Certification
Training Suggestions
  Basic information security training
  Management and leadership
  Legal courses in security
  Technical security
  Audit
Certification
6. 12 Components of an Effective Information Security Program
Risk Management
Policy Management
Organizing Information Security
Asset Protection
Human Resource Security
Physical and Environmental Security
Communication and Operations Management
Access Control
Information Systems Acquisition, Development and Maintenance
Incident Management
Disaster Recovery Management
Compliance
7. Security Program Guide
The twelve key components identified in the Information Security Program Guide for State Agencies were used in this Guide to support ISOs with their role of proper planning, development, management and oversight of an information security program.
8. Contacts
Rosa Umbach
(916) 445-1777 ext. 3242
Colleen Pedroza
(916) 445-1777 ext. 3224
Michele Robinson
(916) 445-1777 ext. 3263
SISO shared telephone (916) 445-5239
www.infosecurity.ca.gov