Automating Compliance With Federal Information Case Study

It also includes the minimum mandatory standards for information security (OIG, 2003).

The suitability of the eight FISMA requirements model for business information security programs

The FISMA requirements model and compliance with it suit business information security programs because they help identify the people, processes and systems that agencies need in order to achieve their various business objectives, and help in coming up with appropriate protective mechanisms. The next incentive is that compliance with the requirements bolsters an agency's reputation within the House Government Reform and improves citizens' perception of the agency (Cisco, 2007).

The reason why federal agencies receive low grades on the Federal Computer Security Report Card

This is a result of the many weaknesses in their information systems and information security programs. The 24 main federal agencies have been noted to have various forms of control weaknesses in their information technology systems. These weaknesses threaten the integrity, confidentiality and availability of the various services provided through the federal information systems (GAO, 2005a). These weaknesses have been noted to create considerable security risks, with various forms of information ending up in the hands of unauthorized persons. This can also result in the disclosure of highly sensitive information, which can result in the disruption of various critical operations. The main areas of weakness are outlined in the audit methodology that is used in the evaluation of information security systems (GAO, 2005b). The most affected areas are access control, software change controls, segregation of duties, and plans for continuity of operations.

The differences, in terms of legal regulations and guidance for compliance, between the Federal government and industry in managing the security of information and information systems

Ensuring that the security of information and information systems is properly managed is a role that must be accomplished through collaboration between the federal government and the various industry stakeholders. There are, however, certain differences in the regulations and guidance that must be sought to bring about the desired level of information assurance. The confidentiality, integrity and availability of all critical data must be assured at all times.

The differences are as follows:

The federal government's information and information system requirements are mandatory for all agencies and are implemented as prescribed by the constitution of the United States. This means that failure to comply with these requirements is considered a crime and is punishable by law. The federal government requires that these regulations be implemented according to the guidelines contained in the E-Government Act of 2002 (Public Law 107-347). The industry standards, on the other hand, are regulated by policies that are unique to the individual industries.

A comparison of the classes and families of the minimum security control requirements, shown in Table 5-5, to the classes and control objectives of ASSERT's assessment questions, shown in Table 5-6, and an explanation of the discrepancies

The and families of the minimum...

This is because the requirements in Table 5-5 are general guidelines while the ones in Table 5-6 are specific and to the point. This is because the ASSERT standards target matters of national security, and hence critical attention must be focused on their requirements.

How ASSERT's questions could be used by a business to better control its IT systems and to mitigate its security risks

The ASSERT questions can be used by a business to carry out a step-by-step analysis and evaluation of all the potential security loopholes in order to initiate the appropriate mitigation procedures as prescribed by the same ASSERT guidelines.

References

E-Government Act (2002). Management and promotion of electronic Government Services. http://csrc.nist.gov/drivers/documents/HR2458-final.pdf

Best, R. (2007). Open Source Intelligence (OSINT): Issues for Congress. http://www.fas.org/sgp/crs/intel/RL34270.pdf

Cisco (2007). FISMA Compliance: Mapping National Institute of Standards and Technology (NIST) Controls to Cisco Security Solutions. http://www.cisco.com/en/U.S./solutions/collateral/ns340/ns394/ns171/net_implementation_white_paper0900aecd806ab80b.pdf

CSR (2004). Critical Infrastructure and Key Assets: Definition and Identification.

CSS (2008). Open Source Intelligence: A strategic enabler of national security. CSS Analyses in Security Policy. http://se2.isn.ch/serviceengine/Files/ESDP/50169/ipublicationdocument_singledocument/1F428F3D-C46C-4068-B328-50424047DAF6/en/css_analysen_nr+32-0408_E.pdf

Government Accountability Office (2005a). Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements.

Government Accountability Office (2005b). Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems. GAO-05-231. Washington, D.C.: May 13, 2005. http://www.gao.gov/new.items/d05552.pdf

Ibid, p. 65.

Intelligence Community (2006). Directive Number 301 and P.L. 109-163, Sec. 931. http://www.fas.org/irp/dni/icd/icd-301.pdf

Kahler and DeBlois (2003). EDUCAUSE, NIH, and Identrus Demonstrate PKI Interoperability Between the Federal Government and Higher Education. http://www.educause.edu/About+EDUCAUSE/PressReleases/EDUCAUSENIHandIdentrusDemonstr/16838

Lowenthal, M. (2003). Intelligence, From Secrets to Policy, Second Edition, CQ Press (Washington, D.C.), p. 79.

Office of the Inspector General (2003). Multi-components audits, reviews and investigations. http://www.justice.gov/oig/semiannual/0311/multi.htm

Sands, A. (2005). "Integrating Open Sources into Transnational Threat Assessments," in Jennifer E. Sims and Burton Gerber, Transforming U.S. Intelligence (Washington: Georgetown University Press), p. 65.

Vaughan, R. and Pollard, R. (1984). Rebuilding America, Vol. I, Planning and Managing Public Works in the 1980s. Council of State Planning Agencies. Washington, DC. 1984. pp. 1-2.
