How to Be a Successful ISSM


Presentation Transcript


  1. How to Be a Successful ISSM
     Tim Chancellor

  2. TEN SECRETS OF INCREDIBLY EFFECTIVE ISSMs
     • Skills
     • Computer Geek
     • Diplomat
     • Counselor
     • Investigator
     • Coach

  3. Train, Train, Train
     • Information Systems Security Manager (ISSM)
     • Information Systems Security Manager
     • Chapter 8 computer based training
     • Quarterly ISSO Briefings
     • Monthly ISSO Tips
     • Information Systems Security Officer
     • ISSO computer based training
     • Information Systems User Briefing

  4. Know your Program Managers
     • Face to Face Meeting
     • Accreditation Process
     • Few managers understand either the accreditation process or the requirements to process classified data.
     • Opportunity for them to begin to know you and seek advice.

  5. Require Computing Requirements in Writing
     • Nails down specific purpose & configuration during pre-accreditation
     • Have them complete the CONOP
     • Have program appoint ISSO/Alternate
     • Status of equipment on order
     • Be aware of physical security requirements.

  6. Early Coordination with CSA
     • Invite customer to provide advice & assistance
     • Comfort level with direction being taken
     • If cannot visit, will be glad you asked
     • Won’t be caught off guard if special requirements

  7. Challenge, Challenge, Challenge
     • Scrutinize the requirements, make decisions & recommendations
     • Watch for special caveats, NATO, etc.
     • If it will be adequate, limit systems that will process the special caveat
     • Consider how will affect any future networks

  8. Review & Review Again
     • SPP is tedious work
     • Having team review is helpful
     • Don’t forward until you’re sure it meets program requirements
     • Some ISSMs require approval in writing

  9. Trust But Verify
     • You are on the hook with DSS
     • Perform 100% audit with outgoing/incoming ISSOs

  10. Tactical Systems Require Coordination
     • Development of deliverable/tactical systems to ensure you meet customer requirements
     • Establish good working relationship with the customer
     • Attend customer/program meetings

  11. Start-up Briefings
     • Once IATO or ATO conduct initial briefing with all key personnel
     • Be sure to include a physical security specialist
     • Face-to-face meeting ensures confusion is cleared up.

  12. Post-Accreditation Inspection
     • Schedule 30-60 days after start-up
     • Clear up misunderstandings and ensure no auditing or record-keeping failures
     • Better to catch before government review

  13. Final Suggestions
     • Network with other ISSMs
     • Share successes and failures
     • Best wishes!!!!
