Information Systems Security Manager (ISSM) - Marine Corps ...

More documents

Recommendations

Info

NAVSO P-5239-04SEPTEMBER 19953.0 INFORMATION SYSTEMS SECURITY MANAGERRESPONSIBILITIESThe ISSM is responsible for ensuring that the INFOSEC Program requirements aremet. The ISSM accomplishes this by performing, directing, coordinating, administering, andoverseeing various activities and personnel. This section defines the responsibilities of theISSM in 11 task areas.3.1 Security ManagementThis section describes the responsibilities of the ISSM within the overall task area ofsecurity management, which is the umbrella covering the other 10 task areas. It specificallyfocuses on planning and coordinating tasks required for an effective INFOSEC program.SECURITY POLICY AND PROCEDURES DEVELOPMENT ANDAPPLICATIONResponsibilityThe ISSM is responsible for interpreting and tailoring DOD andDON security policy to meet the requirements of the Commandor activity and ISs and networks under the ISSM’s cognizance.ImplementationPolicy and ProceduresApplicationThe ISSM remains current with all DOD and DON INFOSECpolicies and procedures and is aware of changes to thesepolicies and procedures. The ISSM ensures that all INFOSECactivity within the respective Command is in accordance withDOD and DON policy and procedures. The ISSM tailors thispolicy and guidance to meet the specific Command’srequirements.Key DocumentDevelopmentThe ISSM ensures that activity-level INFOSEC policy andguidelines are documented in an Activity ISSP in accordancewith OPNAVINST 5239.1A.The ISSM also ensures the development of SSPs for each ISthat contains or processes sensitive information in accordancewith OMB Bulletin No. 90-08.8
NAVSO P-5239-04SEPTEMBER 1995GuidanceThe ISSM provides guidance to subordinate INFOSECpersonnel, IS users, and other personnel, as necessary, in theinterpretation and implementation of the Command’s INFOSECpolicies and procedures.Reference: Security policy, procedure, and guidancedocumentation is identified in Appendix A. Appendix A itemsannotated with an “*” should be maintained by every ISSM foreasy reference because these documents directly pertain to theperformance of the ISSM and other IS personnel roles.NAVSO P-5239-11, System Security RequirementsDevelopment, provides guidance for developing security policyand security requirements for a specific system. Also seesection 3.11, Documentation, for Activity ISSP and SSPdocument descriptions.INTERACTION WITH PERSONNELResponsibilityAs the focal point for INFOSEC matters, the ISSM is cognizantof all IS-related activity and ensures that all necessary tasks andfunctions are adequately performed or conducted. The ISSMachieves this by conducting and attending status meetings andmanaging, overseeing, and coordinating efforts relative toINFOSEC. This section elaborates on the ISSM relationshipsidentified in section 2.ImplementationInformation SystemsSecurity Officer andNetwork SecurityOfficer AppointmentThe ISSM ensures that ISSOs and NSOs are appointed by theprogram manager of a specific branch, division, or department,as appropriate, based on the structure and needs of the specificCommand or Activity. Commands having complex ISs mayneed more ISSOs to perform day-to-day activities and torespond to security problems and IS user needs. The followingillustrates the appointment of ISSOs within different Commandstructures:· Multiple ISSOs may be assigned to a single, large IS9
Page 1: Department of the Navy NAVSO P-5239
Page 5: NAVSO P-5239-04SEPTEMBER 1995FOREWO
Page 8 and 9: NAVSO P-5239-04SEPTEMBER 1995TABLE
Page 10 and 11: NAVSO P-5239-04SEPTEMBER 1995· Sec
Page 12 and 13: NAVSO P-5239-04SEPTEMBER 1995techni
Page 14 and 15: NAVSO P-5239-04SEPTEMBER 1995ISEASS
Page 18 and 19: NAVSO P-5239-04SEPTEMBER 1995· Sit
Page 20 and 21: NAVSO P-5239-04SEPTEMBER 1995the DO
Page 22 and 23: NAVSO P-5239-04SEPTEMBER 19953.2 Ri
Page 24 and 25: NAVSO P-5239-04SEPTEMBER 1995workin
Page 26 and 27: NAVSO P-5239-04SEPTEMBER 19953.3 Ac
Page 28 and 29: NAVSO P-5239-04SEPTEMBER 19953.4 Ad
Page 30 and 31: NAVSO P-5239-04SEPTEMBER 1995Virus
Page 32 and 33: NAVSO P-5239-04SEPTEMBER 19953.5 Tr
Page 34 and 35: NAVSO P-5239-04SEPTEMBER 1995- Expl
Page 36 and 37: NAVSO P-5239-04SEPTEMBER 19953.6 Ph
Page 38 and 39: NAVSO P-5239-04SEPTEMBER 1995· Eva
Page 40 and 41: NAVSO P-5239-04SEPTEMBER 19953.7 Au
Page 42 and 43: NAVSO P-5239-04SEPTEMBER 19953.8 In
Page 44 and 45: NAVSO P-5239-04SEPTEMBER 19953.9 Se
Page 46 and 47: NAVSO P-5239-04SEPTEMBER 19953.10 C
Page 48 and 49: NAVSO P-5239-04SEPTEMBER 19953.11 S
Page 50 and 51: NAVSO P-5239-04SEPTEMBER 199542
Page 52 and 53: NAVSO P-5239-04SEPTEMBER 1995update
Page 55 and 56: NAVSO P-5239-04SEPTEMBER 1995Securi
Page 57 and 58: NAVSO P-5239-04SEPTEMBER 1995SECNAV
Page 59 and 60: NAVSO P-5239-04SEPTEMBER 1995This d
Page 61 and 62: NAVSO P-5239-04SEPTEMBER 1995NCSC-T
Page 63 and 64: NAVSO P-5239-04SEPTEMBER 1995NTISSP
Page 65 and 66: NAVSO P-5239-04SEPTEMBER 1995primar

Information Systems Security Manager (ISSM) - Marine Corps ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?