Is there an optimum number of systems an ISSO should be responsible for? I realize system size and complexity come into play but assuming most are large and of moderate risk, etc. is there a number that can be consideered a norm? We have ISSOs who have 8 or 9 high value systems and need justification from a reliable source of any norm or standard to ensure maximum security and reasonable work load. Thanks.
Asked
Active
Viewed 50 times
