Information security programs are growing significantly alongside the present reforms in United States agencies, because of the insecurity involved in handling data in most corporate infrastructure systems. Cases such as independent hackers accessing company databases and computerized systems, attacks on computer services, malicious software such as viruses that attack operating systems, and many other issues are experienced in the corporate arena, including at government agencies like the U.S. Department of Health and Human Services. These cases have made wider implementation of information security programs, which provide countermeasures against information security threats, a necessity.
The United States Department of Health and Human Services
The Department of Health and Human Services in the United States (HHS) is one of the principal agencies obliged to protect the health of the entire American population and to provide basic human services, especially to needy Americans (HHS.gov, 2012). The department works very closely with local and state governments, hence providing most of its services through county and state agencies. HHS is made up of eleven different divisions, each an individual operation; eight of them represent agencies of the Public Health Service, and the remaining four are human services agencies (HHS.gov, 2012).
Security Area Responsible Party
The CSIRC, which is under the Chief Information Security Officer, has primary responsibility for entering data related to the HHS department, for maintaining IT security awareness, and for the overall determination of the IT security posture of HHS. The office shall ensure that the department is always aware of privacy and security vulnerabilities, of any events that might have a direct negative impact on the security of information, of the consequences should security fail, and of the sharing of information with the relevant authorities. The office will also analyze the risks related to data handling and ensure that measures are instituted to mitigate data loss or penetration by unintended persons (HHS.gov, 2012).
Vulnerabilities and risk mitigation strategies
Information in the Department of Health and Human Services is exposed to many risks that could lead to the distortion of very important information. In severe situations the information could be lost permanently, disrupting the normal functioning and operations of the department. The major risks also include the unintended disclosure of confidential information and the unauthorized use of that same data. Information security programs therefore aim at reducing these risks, which come in different forms. The technical risks involved are malicious distortion of data and tampering with stored information through the destruction of storage capacity. Fraud could also be a risk, where staff and those operating the data systems decide to use the data in the wrong way, mostly for self-interest. Systems could also be damaged through infection by viruses and worms. To mitigate these risks, the department has to engage in both prevention and management of the risks.
The focus of the information security program is to prevent, detect, verify and then respond to the different risks involved. Prevention entails the effective handling of processes, procedures, technology and departmental responsibilities so as to mitigate any potential threats. Detection in most cases involves the use of both automated and manual mechanisms to identify and distinguish risk and security issues. Currently, the HHS department could apply the detection strategy by passively and actively monitoring the procedures of the security programs. The verification phase ensures that all the necessary security measures have been taken care of; this could include the use of monitoring tools and the conduct of audit functions. The response strategy will only be implemented when the prevention approaches appear to be underperforming. The department will require rapid and efficient capabilities to respond to risks, including direct responses, triage and containment of hazardous security threats (Onsett International Corporation, 2001).
Acquisition of systems and asset management
The HHS Department has the obligation to acquire and maintain the best systems that will help maintain the department's information. The department has to use specified systems, preferably a descriptive database, that will store records for all the property the department owns and controls.…