Information Security Best Practices: The Information Security Officer

The first thing that any security program must do is establish the presence of the Information Security Officer. Depending on the size of your security environment, this could be a full-time position or a current employee who has the availability to take on further duties.

Besides the time element, the organization must clearly define the expectations of the Information Security Officer and determine if an individual is capable to fill the role. During a later post I will describe the attributes that ascertain “capability”, but the complete lack of someone in this role means that information security is not a priority in your organization.