The ISSO must understand the business and management environment

The objective of this article, is to provide the ISSO (Information Systems Security Officer) with a basic understanding and philosophy of information systems security (InfoSec) within the business environment, to include how to communicate with management in 'their language'.

Understanding the Business Environment

An InfoSec programme and organization is not the reason that a business or government agency exists. In the case of a business, the company usually provides a service or a product. The business has certain information or systems which are vital to performing its service and producing its product.The purpose of an InfoSec programme therefore, is to provide sewice and support to the business.

In order to adequately meet the needs of its customers, it is imperative for the ISSO to understand the company and the company's business. This includes the following: