The Rookie Chief Information Security OfficerDeborah StovallSEC 402 Cyber SecurityThe Essential Body of KnowledgeProfessor Donna DanseyMarch 11, 2019Organization ChartAs a matter of record, it is widely known that information security is critical to all organizations to protect their data and continue operating. Information security is defined as the protection of information, the system, and hardware that use, store and transmit that information. The four important jobs that Information security performs for an organization are to protect the organization’s ability to continue operations, to enable the safe operation of applications implemented on the organization’s IT systems, to protect the data the organization collects, stores, shares, and utilizes.
Lastly it is responsible for the safeguarding the technology assets which are in use at the organization. With each implemented information security plan within an organization there are challenges and risks involved. The Information Security Officer (ISO)role is defined as the person who provides the vision and strategies necessary to ensure the confidentiality, integrity, and availability of electronic information by communicating risk to senior administration, creating and maintaining enforceable policies and supporting processes, and ensuring compliance with regulatory requirements.
(Techopedia. (n.d.)). ISO’s play a vital role in protecting an organization, establishing and enforcing security policies. because an information security breach can result in disruption to the business, loss of confidential or commercially sensitive data, and financial loss. Security breaches take a number of forms, including attacks by cyber-criminals, virus attacks and attempts by unauthorized parties, inside and outside the company, to obtain passwords or personal data. The information security programs have essentially five goals within that particular team workflow: To safeguard the critical data and processing assets of an organization. To govern the weaknesses inside the data processing framework To educate the staff about their information security and privacy To perform security classifications and risk analysis. To safeguard critical records and data, requiring information to be protected in terms of its requirements for availability, integrity, and confidentiality.Due to the eventual nature of a data breach the majority of organizations today have designated a department so called the ISO within the company to govern the agencies compliance with information security requirement. Organizations must annually verify that it complies with all state policies governing information technology, security and risk management by its director. Role: Information Security OfficerBy maintaining the direct responsibility for this analysis and review the ISO has enabled the acceptance of the review to create on a functional basis a relationship rather than reorganizing the department. Role: Strategic It is expected that the Information Security Officer must display a complete understanding of the organization’s programs, the business requirements, and the activities of the roles within the organization. The ISO Team must continue to evolve as it pertains to technologies to ensure appropriate security controls within the organization. The ISO is the Frontline defense to identify and thwart potential threats, the frontlines have the important role of identifying potential security risks to the organization and having the ability to evaluate and recommend appropriate security measures. A comprehensive strategic analysis enables a well-informed organizational management to have a clear understanding, ability to mitigate and reduce the risks. Role: Management and communication skillsSecurity personnel interact with people on a daily basis, whether it is giving directions, interviewing, or simply reporting and incident to management. Effective communication is essential and the basis of the development of the organizational management, communication both verbally and written must be properly understood for effective functionality of the organization. (Techopedia. (n.d.)).Role: Technical competenceThe ISO team would be required to have a general knowledge of the technical competencies and issues of the business and the organization to lead. Without the proper technical security knowledge, it may prove difficult to obtain the respect from the organization. Role: The Structure of Reporting for the Security Organization as CISO Security Engineering, CIO, CICO, IT Security Engineer, IT Security Compliance officer, Security Governance & Reporting, Information Security Project Team, , Security Operations, and CyberOPsBased on the expectation of scope and breathe of service the IT unit is to provide the organization the information technology leaders emerge central in the structure within the organization. The centralized IT organizational structure defines the requirements of the primary organization. The appropriate balance of centralized verses decentralized recourses pool of staffing and budget resources is directly related to expectations of the organization.Role: Security Compliance OfficerThe security compliance officer’s responsibility is to guarantee a fixed operation of the existent computer systems, network connections and servers in conformity with the company’s inner operations, techniques and compliance requirements. The security compliance officer’s job duties also involve administering scheduled audits on a regular basis on internal systems and organizing third-party audits as necessary in order to retain certifications and compliance certificates. -43292447698300Organization chart to reflect the FEPOCRole: Security Manager A security manager’s responsibilities consist of the operations of heightening security in an organization or company. The commitment of a security manager, multitude of which can be associated to evaluating and applying security for parts of an IT setup, for systems, material warehouses and more.Role: CIOA chief information officer (CIO) is the corporate administrator in control of Information Technology (IT) policy and execution. In addition to supervising all the hardware, software and information that aide’s other associates of the C-suite do their work successfully, the CIO should investigate current technologies, strategize how technology can be able to produce business advantage and inscribe the threats connected with digital data.Role: CISOThe CISO (chief information security officer) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO may also operate alongside the chief information officer (CIO) to obtain cyber security commodities and services and to organize disaster recovery and business continuity plans.Role: Information Systems Security EngineerAn information systems security engineer (ISSE) is a person who is accountable for uncovering and meeting systems safety needs. An ISSE generally describes system defense requirements, creates system protection architecture, invent an elaborate security design, apply said security system, and evaluate the data security effectiveness.Request for Proposal (RFP) PlanAnatomy of an RFP DEFINITIONSEssential points of an RFPYou can simply pinpoint the essential sections you need to incorporate in your RFP by easily responding to each and any of the following questions:Why? Why does the organization need or desire this work to be done, purpose.Who? Company description.What? Objective of project.How? Contract.IT ProcurementAward criteria for contract.When? Preference process timeframe and deadlines.People to notify.Declaration of reasonThe introduction of the organization and the purpose of the RFP stating what the service provider has to do about the central part of the organization. The importance of this is to enable individuals to think outside the box. Many of solutions are available to meet the requirement if the people know better than what people have in mind and web professional can suggest solutions not discussed yet.Background knowledge of data Providing a short summary of your company and its performance, using data, client demographics, and the study of the culture of the people their attitudes and aspirations. Provide genuine feedback expressing the strengths and weaknesses truthfully. Do not forget to incorporate important information on the individuals who will then become the voice and handle future correspondence of the organization. Scope of workIdentify the particular responsibilities to be executed by the contributor and the anticipated outcomes. Incorporate a comprehensive listing of responsibilities, especially when sub-contractors are involved.Outcome and implementation guidelinesIdentify the end result targets, minimum production standards anticipated from the contractor, and techniques for observing performance and process for applying corrective actions. DeliverablesAllocate an inventory of all materials, records, and strategies that will be transported to your company and present a delivery schedule. Term of contractIdentify length, establish a start date and end date of the contract, and the choice for renewal.Payments, incentives, and penalties Record all the terms of settlements for satisfactory production. Underline the foundation for incentives for high-ranking production and sanctions for insufficient production or lack of compliance. Contractual terms and conditionsBind common contracting forms, official documents, and pledges. You may incorporate requirements particular to this specific contract.Prerequisites for proposal productionA consistent build in terms of content, data, and record types simplifies things for the individual assessing the proposals.Assessment and award Lay down the techniques and standards used for assessing proposals and for producing the final contract award. Process schedule Distinctly and briefly present the timeline for the steps commanding to the ultimate decision, such as the dates for proposing the letter of intent, forwarding questions, visiting the pre-proposal conference, submitting the proposal.Points of contact for future correspondence Incorporate a full list of individuals to contact for information on the RFP, or with any other questions. Include their name, title, responsibilities, and the various ways of contacting them into this listEnterprise Information Security Compliance ProgramPhysical Security PlanPhysical security plan is the understandable written plan providing proper and economical use of personnel and equipment to prevent or reduce loss or damage from theft, misuse, espionage, sabotage, and other criminal or disruptive activities.The purpose of the physical security plan is to provide guidance, assign responsibility, and it should set minimum standards for the security of property and personnel. The physical security officer must first determine the types and the extent of protection required on the post.Develop a risk management planRisk management is the process of risk identification, assessment, and reduction of its acceptable level. It is an essentials management function and is critical for any agency to successfully implement and maintain an acceptable level of security**1.1-1.16 – ComplianceCrossing.com. (2018). **ReferencesComplianceCrossing.com. (2018). Security Compliance Jobs Description | ComplianceCrossing.com. Retrieved from Guide to Writing a Request for Proposal. (n.d.). Retrieved from (n.d.). 11.2 Risk Management Process ” Project Management for Instructional Designers. Retrieved from M. (2013, December 4). What is CISO (chief information security officer)? – Definition from WhatIs.com. Retrieved from M. (2015, May 25). CIO (Chief Information Officer). Retrieved from (n.d.). What is a Security Manager? – Definition from Techopedia. Retrieved from Staff. (n.d.). ISSE – Information Systems Security Engineer. Retrieved from Shoemaker, W. A. (2012). Cybersecurity: The Essential Body of Knowledge. Boston: Cengage Learning.