National Computer Security Center, A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems (Turquoise book), Pub. No. NCSC-TG-027 (Oct. 16, 2002) (full-text).
This Guideline was designed to help information systems security officers (ISSOs) understand their responsibilities for implementing and maintaining security in a system. The system could be a remote site linked to a network, a stand-alone automated information system, or workstations interconnected via a local area network.
This Guideline also discusses the roles and responsibilities of other individuals who are responsible for security and their relationship to the ISSO, as defined in various component regulations and standards.