Definitions

General

An information systems security officer (ISSO)

[s]pecializes in the information and security strategy within a system and is engaged throughout the systems development life cycle.[1]

Military

An information system security officer (ISSO) is a person responsible to the Designated Approving Authority for ensuring that security is provided for and implemented throughout the life cycle of an AIS from the beginning of the concept development phase through its design, development, operation, maintenance, and secure disposal.[2]

Overview (General)

An ISSO is responsible for overseeing all aspects of information security within a specific organizational entity. They ensure that the organization's information security practices comply with organizational and departmental policies, standards, and procedures.[3]

Overview (U.S. Department of State)

"The ISSO:

(1) Ensures that the systems for which they are responsible are configured, operated, maintained, and disposed of in accordance with all relevant IRM and DS security guidelines;
(2) Is responsible for overseeing configuration and administration of auditing and for ensuring that audit trails are reviewed periodically and archived in accordance with security guidelines;
(3) Works closely with IMO/ISO/System Administrator to ensure all security related functions and activities are performed;
(4) Plays a leading role in introducing an appropriate methodology to help identify, evaluate, and minimize risks to all IT systems; and
(5) Is responsible to the CISO to ensure that [the] IT system is configured and maintained securely throughout its [lifecycle] in accordance with the Systems Security Plan (SSP)."[4]

References

  1. Cybersecurity Human Capital: Initiatives Need Better Planning and Coordination, at 38.
  2. DOD Directive 5200.28.
  3. NIST Special Publication 800-44 (Ver. 2), at 3-4.
  4. 5 FAM 820 (full-text).