The Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program, Third Edition, provides users with information on how to combat the ever-changing myriad of threats security professionals face. This entirely updated edition presents practical advice on establishing, managing, and evaluating a successful information protection program in a corporation or government agency, covering everything from effective communication to career guidance for the information security officer. The book outlines how to implement a new plan or evaluate an existing one, and is especially targeted to those who are new to the topic. It is the definitive resource for learning the key characteristics of an effective information systems security officer (ISSO), and paints a comprehensive portrait of an ISSO's duties, their challenges, and working environments, from handling new technologies and threats, to performing information security duties in a national security environment. Provides updated chapters that reflect the latest technological changes and advances in countering the latest information security threats and risks and how they relate to corporate security and crime investigation Includes new topics, such as forensics labs and information warfare, as well as how to liaison with attorneys, law enforcement, and other agencies others outside the organization Written in an accessible, easy-to-read style

Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information security program, and additional metrics to measure organization performance. It also includes six entirely new chapters on emerging trends such as high-tech fraud, investigative support for law enforcement, national security concerns, and information security consulting. This essential guide covers everything from effective communication to career guidance for the information security officer. You'll turn to it again and again for practical information and advice on establishing and managing a successful information protection program. Six new chapters present the latest information and resources to counter information security threats Every chapter contains opening objectives and closing summaries to clarify key points Accessible, easy-to-read style for the busy professional

Effective and practical security officer training is the single most important element in establishing a professional security program. The Effective Security Officer's Training Manual, Second Edition helps readers improve services, reduce turnover, and minimize liability by further educating security officers. Self-paced material is presented in a creative and innovative style Glossaries, summaries, questions, and practical exercises accompany each chapter

This guideline identifies system security responsibilities for Information System Security Officers (ISSOs). It applies to computer security aspects of automated information systems (AISs) within the Department of Defense (DOD) and its contractor facilities that process classified and sensitive unclassified information. Computer security (COMPUSEC) includes controls that protect an AIS against denial of service and protects the AISs and data from unauthorized (inadvertent or intentional) disclosure, modification, and destruction. COMPUSEC includes the totality of security safeguards needed to provide an acceptable protection level for an AIS and for data handled by an AIS. 1 DOD Directive (DODD) 5200.28 defines an AIS as "an assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information." 2 This guideline is consistent with established DOD regulations and standards, as discussed in the following sections. Although this guideline emphasizes computer security, it is important to ensure that the other aspects of information systems security, as described below, are in place and operational: Physical security includes controlling access to facilities that contain classified and sensitive unclassified information. Physical security also addresses the protection of the structures that contain the computer equipment. Personnel security includes the procedures to ensure that access to classified and sensitive unclassified information is granted only after a determination has been made about a person's trustworthiness and only if a valid need-to-know exists.

The purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements. The system security plan also delineates responsibilities and expected behavior of all individuals who access the system. The system security plan should be viewed as documentation of the structured process of planning adequate, cost-effective security protection for a system. It should reflect input from various managers with responsibilities concerning the system, including information owners, the system owner, and the senior agency information security officer (SAISO). Additional information may be included in the basic plan and the structure and format organized according to agency needs, so long as the major sections described in this document are adequately covered and readily identifiable.

Helps Information System Security Officers (ISSOs) understand their responsibilities for implementing and maintaining security in a system. The system may be a remote site linked to a network, a stand-alone automated information system, or workstations interconnected via a LAN. Also discusses roles and responsibilities of other individuals who are responsible for security and their relationship to the ISSO, as defined in various component regulations and standards. Extensive bibliography. Tables.