Written by Maud on 2010-01-27
- Lead ADSIC internal information security efforts consistent with the Abu Dhabi Information Security Program, and other international best practices (e.g., ISO 27000s, US National Institute of Standards and Technology, etc.). Specifically, the following should be addressed:
- Enforce and monitor the implementation of, and compliance with, the Abu Dhabi Information Security Policy.
- Develop and manage the implementation of ADSIC-specific Information Security policies and procedures.
- Ensure Risk Assessments are conducted on all information systems.
- Ensure Information Security Plans are developed for all applicable information systems.
- Ensure implementation of all information security controls, as set forth in the Information Security Plan, to ensure adequate security for the respective system.
- Ensure the development of plans for the Security Testing and Evaluation of all applicable systems. Such plans shall be executed by qualified and sufficiently independent organizations to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security risk requirements for the system.
- Serve as the Certifying Official for low to moderate assurance and/or mission important or supportive systems within the purview of the entity, certifying test results and providing accreditation recommendations for approval to operate systems.
- Support ADSIC in developing and implementing an Information Security awareness campaign, supplementing the efforts as necessary for the ADSIC user base.
- Provide Information Security technical training based on ADSIC’s needs, and ensure consistency with the pan-Governmental training program.
- Conduct Information Security communications and outreach by leveraging the Information Security Working Group.
- Establish appropriate measures to assess operational capabilities and determine compliance and effectiveness levels with the Abu Dhabi and ADSIC Information Security Policy and Information Security Standards.
- Provide an annual report to the Chairman, or equivalent, and the ADSIC Information Security Program Manager, on the progress of the ADSIC’s Information Security program.
- Coordinate with other entity leads, as necessary.
- Coordinate with AD government lead for incident response to implement applicable and coordinated incident management procedures (to include the appropriate reporting of incidents) – when established.
- Communicate and escalate, as necessary, Information Security matters to AD government lead for risk management – when established – and ADSIC.
- Supervise Information Security Officers, or other related assurance functions, as necessary.
- Coordinate with other mission assurance programs to effectively manage risks across the entity and ensure continuity of the business.
- Ensure that all ADSIC contractors and third party organizations achieve adequate security for the protection of sensitive Government information.