The IT Law Wiki


An Information Security Officer is

[the o]fficial responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer's primary liaison to the agency's authorizing officials, information system owners, and information system security officers.[1]
[t]ypically a member of an organization who has the responsibility to establish and maintain information security policy, assesses threats and vulnerabilities, performs risk and control assessments, oversees the governance of security operations, and establishes information security training and awareness programs. The ISO also usually interfaces with security operations to manage implementation details and with auditors to verify compliance to established policies.[2]


  1. 44 U.S.C. §3544.
  2. Criminal Justice Information Services Security Policy, Glossary, at A-6.