The IT Law Wiki

Domestic Information Systems Security Officer


Overview

U.S. Department of State

A Domestic Information Systems Security Officer (DISSO):

(1) Provides desktop security support and fulfills "in-scope" information systems security officer (ISSO) as defined in 1 FAM 275.4-3;
(2) Performs in-scope ISSO roles and responsibilities for domestic consolidated bureaus which include:
(a) Establishing enterprise policy, processes and procedures in compliance with DOS desktop security guidelines;
(b) Administrating access control/user accounts to include file permissions;
(c) Performing desktop incident handling to include incident response, computer incident response team's (CIRT) litigation and remediation requests;
(d) Executing desktop security audits to include random security scans;
(e) Managing software download request authorizations;
(f) Monitoring data transfer requests to include authorizing transfers to and from CDs, DVDs and other removable media;
(g) Providing training and education to include performing security briefings as well as informing users of Department of State security best practices; and
(h) Responsibility for maintaining requirements for all desktops and providing desktop security guidance to all users within bureaus that have fully consolidated — as defined by the respective master service level agreement (SLA) for each consolidated bureau and ISSO appointment memo.
(3) Works closely with "out-of-scope" ISSOs whose roles and responsibilities include:
(a) Performing certification and accreditation requirements;
(b) Managing "out-of-scope" applications and servers;
(c) Performing routine security audits for out-of-scope server functions; and
(d) Regulating physical security.
