Automating Compliance With Federal Information essay


Excerpt from essay:

The Act also demanded that agency heads ensure the implementation of the information security plan across the various life cycles of each and every federal system.

The significant differences between FISMA and GISRA are that FISMA's provisions are stronger and more permanent, and that it also includes the minimum mandatory standards for information security (OIG, 2003).

The suitability of the eight FISMA requirements model for business information security programs

The FISMA requirements model is suitable because compliance helps identify the people, processes and systems that agencies need in order to achieve their various business objectives, and helps them come up with appropriate protective mechanisms. A further incentive is that compliance with the requirements bolsters an agency's reputation within the House Government Reform and improves citizens' perception of the agency (Cisco, 2007).

Federal agencies receive low grades on the Federal Computer Security Report Card because of the many weaknesses in their information systems and information security programs. The 24 main federal agencies have been noted to have various forms of control weaknesses in their information technology systems. These weaknesses threaten the integrity, confidentiality and availability of the various services provided through the federal information systems (GAO, 2005a). They have been noted to result in considerable security risks, including various forms of information falling into the hands of unauthorized persons. This can also result in the disclosure of highly sensitive information, which can in turn disrupt various critical operations. The main areas of weakness are outlined in the audit methodology that is used in the evaluation of information security systems (GAO, 2005b). The most affected areas are access control, software change controls, segregation of duties, and continuity of operations plans.

The differences, in terms of legal regulations and guidance for compliance, between the Federal government and industry in managing the security of information and information systems

Ensuring that the security of information and information systems is properly managed is a role that must be accomplished through collaboration between the federal government and the various industry stakeholders. There are, however, certain differences in terms of the regulations and guidance that must be sought to bring about the desired level of information assurance. The confidentiality, integrity and availability of all the critical data must be assured at all times.

The differences are as follows:

The federal government's information and information system requirements are mandatory for all agencies and are implemented as prescribed by the constitution of the United States. This means that failure to comply with these requirements is considered a crime and is punishable by law. The federal government requires that these regulations be implemented according to the guidelines contained in the E-Government Act of 2002 (Public Law 107-347). The industry standards, on the other hand, are regulated by policies that are unique to the individual industries.

A comparison of the classes and families of the minimum security control requirements, shown in Table 5-5, to the classes and control objectives of ASSERT's assessment questions, shown in Table 5-6, and an explanation of the discrepancies.

The classes and families of the minimum security control requirements shown in Table 5-5 are not as detailed as the classes and control objectives of ASSERT's assessment questions shown in Table 5-6. This is because the requirements in Table 5-5 are general guidelines, while those in Table 5-6 are specific and to the point. The ASSERT standards target matters of national security, and hence critical attention must be focused on their requirements.

How ASSERT's questions could be used by a business to better control its IT systems and to mitigate its security risks.

The ASSERT questions can be used by a business to carry out a step-by-step analysis and evaluation of all the potential security loopholes in order to initiate the appropriate mitigation procedures as prescribed by the same ASSERT guidelines.

References

E-Government Act. (2002). Management and promotion of electronic Government Services.
http://csrc.nist.gov/drivers/documents/HR2458-final.pdf

Best, R. (2007). Open Source Intelligence (OSINT): Issues for Congress.
http://www.fas.org/sgp/crs/intel/RL34270.pdf

Cisco (2007). FISMA Compliance: Mapping National Institute of Standards and Technology (NIST) Controls to Cisco Security Solutions.
http://www.cisco.com/en/U.S./solutions/collateral/ns340/ns394/ns171/net_implementation_white_paper0900aecd806ab80b.pdf

CSR (2004). Critical Infrastructure and Key Assets: Definition and Identification.

CSS (2008). Open Source Intelligence: A strategic enabler of national security. CSS Analyses in Security Policy.
http://se2.isn.ch/serviceengine/Files/ESDP/50169/ipublicationdocument_singledocument/1F428F3D-C46C-4068-B328-50424047DAF6/en/css_analysen_nr+32-0408_E.pdf

Government Accountability Office (2005a). Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements.

Government Accountability Office (2005b). Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems. GAO-05-231. Washington, D.C.: May 13, 2005.
http://www.gao.gov/new.items/d05552.pdf

Ibid, p. 65.

Intelligence Community (2006). Directive Number 301 and P.L. 109-163, Sec. 931.
http://www.fas.org/irp/dni/icd/icd-301.pdf

Kahler and DeBlois (2003). EDUCAUSE, NIH, and Identrus Demonstrate PKI Interoperability Between the Federal Government and Higher Education.
http://www.educause.edu/About+EDUCAUSE/PressReleases/EDUCAUSENIHandIdentrusDemonstr/16838

Lowenthal, M. (2003). Intelligence, From Secrets to Policy, Second Edition, CQ Press (Washington, D.C.) p. 79.

Office of the Inspector General (2003). Multi-components audits, reviews and investigations.
http://www.justice.gov/oig/semiannual/0311/multi.htm

Sands, A. (2005). "Integrating Open Sources into Transnational Threat Assessments," in Jennifer E. Sims and Burton Gerber, Transforming U.S. Intelligence (Washington: Georgetown University Press), p. 65.

Vaughan, R. and Pollard, R. (1984). Rebuilding America, Vol. I, Planning and Managing Public Works in the 1980s. Council of State Planning Agencies. Washington, DC. 1984. pp 1-2.


Cite This Essay:

"Automating Compliance With Federal Information" (2010, August 18) Retrieved December 4, 2016, from http://www.paperdue.com/essay/automating-compliance-with-federal-information-8807