Definitions
General
An information systems security officer (ISSO)
“[s]pecializes in the information and security strategy within a system and is engaged throughout the systems development life cycle.”
Military
An information system security officer (ISSO) is a person responsible to the Designated Approving Authority for ensuring that security is provided for and implemented throughout the life cycle of an AIS from the beginning of the concept development phase through its design, development, operation, maintenance, and secure disposal.
Overview (General)
An ISSO is responsible for overseeing all aspects of information security within a specific organizational entity. They ensure that the organization's information security practices comply with organizational and departmental policies, standards, and procedures.
Overview (U.S. Department of State)
- (1) Ensures that the systems for which they are responsible are configured, operated, maintained, and disposed of in accordance with all relevant IRM and DS security guidelines;
- (2) Is responsible for overseeing configuration and administration of auditing and for ensuring that audit trails are reviewed periodically and archived in accordance with security guidelines;
- (3) Works closely with IMO/ISO/System Administrator to ensure all security related functions and activities are performed;
- (4) Plays a leading role in introducing an appropriate methodology to help identify, evaluate, and minimize risks to all IT systems; and
- (5) Is responsible to the CISO to ensure that [the] IT system is configured and maintained securely throughout its lifecycle in accordance with the Systems Security Plan (SSP).
References
- Cybersecurity Human Capital: Initiatives Need Better Planning and Coordination, at 38.
- DOD Directive 5200.28.
- NIST Special Publication 800-44 (Ver. 2), at 3-4.
- 5 FAM 820.