Where the Information Systems Security Staff (ISSS) is located within the organizational
hierarchy has a direct correlation to the success of the ISSP. The staff must be
organizationally situated within the corporate hierarchy with sufficient authority to
implement the ISSP across the enterprise. Many ISSSs report to the Chief Information
Officer (CIO) due to the technical nature of the work and its intimate relation to the
information technology function. However, ISSP tasks span the enterprise:
· Human Resources is responsible for the hiring of personnel; position
classification; processing of security clearances; notification of garnishment of
wages, bankruptcies or other worrisome investigations; and termination or other
· Labor Relations can assist with the interpretation of labor-management
agreements and provide advice on negotiable items.
· Compliance Office provides expertise in corporate compliance with Federal,
state, industry, and corporate laws, standards and policies.
· Facilities/Space Management administers physical access controls and
monitoring technologies.
· Contracting Staff handles outsourcing and procurement of all IT-related
resources (hardware, software, telecommunications, and support services).
© SANS Institute 2002, As part of the Information Security Reading Room. Author retains full rights.
· Each IT organization exists to support a production entity. This organization not
only has a vested interest in the success of the Security Program, it plays an
intimate role in carrying out the ISSP.

