Role of the Ministry Information Security Officer (MISO)
As defined in the Information Security Policy (ISP) the Ministry Information Security Officer (MISO) is the single point of contact for information security issues and related concerns in their ministry. Specifically, the Ministry Information Security Officer is responsible for:
- Ensuring that standards/procedures to support day-to-day security activities are documented in compliance with the Information Security Policy;
- Co-ordinating information security awareness and education;
- Investigating reported information security events to determine if further investigation is warranted;
- Providing up-to-date information on issues related to information security;
- Assisting business areas in conducting Security Threat and Risk Assessments;
- Ensuring that each information system has a current System Security Plan;
- Providing advice on security requirements for information systems development or enhancements;
- Co-ordinating ministry information security initiatives with cross-government information security initiatives;
- Providing advice on emerging information security standards relating to ministry specific lines of business; and,
- Raising ministry security issues to the cross-government information security forum.
When would you contact the Ministry Information Security Officer (MISO) in your ministry?
- All actual and suspected security incidents and events must be reported to the MISO, as required by the Information Security Policy. The MISO will determine what action, if any, is required.
- If you are uncertain about what constitutes security best practices in a given situation, contact your MISO for guidance.