The Information Security Officer is appointed to take direct operational responsibility for maintaining the Information Security Policy and the ISMS, and for providing advice and guidance on their application. The Information Security Officer is part of management and has the following responsibilities:
Reviewing and updating the Information Security Management System
Coordinating and running training and awareness programs for Information Security
Monitoring information system security
Measuring the effectiveness of controls through a defined system and procedure, sharing the measurement results with the ISF and senior management, and retaining the measurement outputs and records
Setting the agenda for, and convening, regular ISF meetings
Investigating and responding to security breaches
Providing advice on all aspects of information security and keeping that advice current
Establishing and monitoring information exchange agreements
Maintaining and updating the information asset inventories (the central inventory and the asset access lists)
Maintaining risk assessment plans against assets and business processes
Maintaining disaster recovery plans
Creating an internal and external audit schedule
Undertaking auditing
Performing risk assessments at least once per year as part of ISMS maintenance, and whenever changes to technology, hardware, business processes or business objectives are planned
Performing a risk assessment when evaluating third-party (external) suppliers
Communicating the status of the Information Security Management System to interested parties.