This publication and the abstract below were published by CIO Council. ICIT strongly encourages you to visit the CIO Council Publication Library to search for additional information security resources, which are freely available.
CIO Council: Chief Information Security Officer Handbook
This handbook aims to give CISOs important information they will need to implement Federal cybersecurity at their agencies. It is designed to be useful both to an executive with no Federal Government experience and to a seasoned Federal employee familiar with the nuances of the public sector. At its core, the handbook is a collection of resources that illuminate the many facets of the cybersecurity challenge and the related issues and opportunities of Federal management.
Section 1 outlines the CISO’s role within the agency and in the Federal Government as a whole. The section starts with an overview of the statutory language that defines the CISO’s mandate and the responsibilities agencies have in regard to information and information security. Next comes an overview of key organizations and their roles in Federal cybersecurity. The section concludes with a summary of the many kinds of reporting the CISO must conduct to keep the agency accountable to government-wide authorities.
In Section 2, the challenge of cybersecurity is broken down into two parts: managing risk across the enterprise and government-wide policies and initiatives. Each part begins with summaries of key reference documents for that aspect of the challenge.