The IT Law Wiki


An information systems security officer (ISSO) "[s]pecializes in the information and security strategy within a system and is engaged throughout the systems development life cycle."[1]


An information system security officer (ISSO) is a person responsible to the Designated Approving Authority for ensuring that security is provided for and implemented throughout the life cycle of an AIS from the beginning of the concept development phase through its design, development, operation, maintenance, and secure disposal.[2]

Overview (General)

An ISSO is responsible for overseeing all aspects of information security within a specific organizational entity. They ensure that the organization's information security practices comply with organizational and departmental policies, standards, and procedures.[3]

Overview (U.S. Department of State)

"The ISSO:

(1) Ensures that the systems for which they are responsible are configured, operated, maintained, and disposed of in accordance with all relevant IRM and DS security guidelines;
(2) Is responsible for overseeing configuration and administration of auditing and for ensuring that audit trails are reviewed periodically and archived in accordance with security guidelines;
(3) Works closely with IMO/ISO/System Administrator to ensure all security related functions and activities are performed;
(4) Plays a leading role in introducing an appropriate methodology to help identify, evaluate, and minimize risks to all IT systems; and
(5) Is responsible to the CISO to ensure that [the] IT system is configured and maintained securely throughout its lifecycle in accordance with the Systems Security Plan (SSP)."[4]