ABSTRACT
Protecting information is as critical as protecting other organizational assets, such as plant assets and intangible assets. It is the information systems security officer (ISSO) who establishes a program of information security to help ensure the protection of the organization’s information. Developing, implementing, and managing an information security pro-gram is the ISSO’s primary responsibility. The Information Security Program will cross all organizational lines and encompass many different areas to ensure the protection of the organization’s information. Although information security may be considered technical in nature, a successful ISSO is much more than a “techie.” The ISSO must be a businessman, a communicator, a salesman, and a politician. The ISSO needs to understand the organization’s business, its mission, its goals, and its objectives. With this understanding, the ISSO can demonstrate to the rest of the management team how information security supports the business of the organization.
