The IT Law Wiki
Latest revision as of 04:30, 8 August 2016

Definitions

An Information Security Officer is

[the o]fficial responsible for carrying out the Chief Information Officer responsibilities under FISMA and serving as the Chief Information Officer's primary liaison to the agency's authorizing officials, information system owners, and information system security officers.[1]
[t]ypically a member of an organization who has the responsibility to establish and maintain information security policy, assesses threats and vulnerabilities, performs risk and control assessments, oversees the governance of security operations, and establishes information security training and awareness programs. The ISO also usually interfaces with security operations to manage implementation details and with auditors to verify compliance to established policies.[2]

References

  1. 44 U.S.C. §3544.
  2. Criminal Justice Information Services Security Policy, Glossary, at A-6.