The Act also required agency heads to ensure that an information security plan is implemented throughout the life cycle of every federal system.
The significant differences between FISMA and GISRA are that FISMA's provisions are stronger and more permanent, and that FISMA includes minimum mandatory standards for information security (OIG, 2003).
The suitability of the eight FISMA requirements model for business information security programs
The FISMA requirements model is suitable for business information security programs because it helps identify the people, processes and systems that an organization needs in order to achieve its business objectives, and because it leads to appropriate protective mechanisms. A further incentive is that compliance with the requirements bolsters an agency's reputation, both with the House Government Reform Committee and in citizens' perception of the agency (Cisco, 2007).
Federal agencies receive low grades on the Federal Computer Security Report Card because the weaknesses in their information systems and information security programs are many. The 24 major federal agencies have been found to have various control weaknesses in their information technology systems. These weaknesses threaten the integrity, confidentiality and availability of the services provided through federal information systems (GAO, 2005a). They pose a considerable risk that information will end up in the hands of unauthorized persons, and they can lead to the disclosure of highly sensitive information and to the disruption of critical operations. The main areas of weakness are outlined in the audit methodology used to evaluate information security systems (GAO, 2005b). The most affected areas are access control, software change control, segregation of duties and continuity of operations planning.
The differences, in terms of legal regulations and guidance for compliance, between the Federal government and industry in managing the security of information and information
Ensuring that the security of information and information systems is properly managed is a role that must be accomplished through collaboration between the federal government and the various industry stakeholders. There are, however, certain differences in the regulations and guidance that must be followed to bring about the desired level of information assurance. The confidentiality, integrity and availability of all critical data must be assured at all times.
The differences are as follows:
Federal government information and information system requirements are mandatory for all agencies and are implemented as prescribed by the Constitution of the United States. This means that failure to comply...
The federal government requires that these regulations be implemented according to the guidelines contained in the E-Government Act of 2002 (Public Law 107-347). Industry standards, on the other hand, are governed by policies that are unique to the individual industries.
A comparison of the classes and families of the minimum security control requirements, shown in Table 5-5, to the classes and control objectives of ASSERT's assessment questions, shown in Table 5-6, and an explanation of the discrepancies.
The classes and families of the minimum security control requirements shown in Table 5-5 are not as detailed as the classes and control objectives of ASSERT's assessment questions shown in Table 5-6. This is because Table 5-5 contains general guidelines, while the questions in Table 5-6 are specific and to the point: the ASSERT standards target matters of national security, and critical attention must therefore be focused on their requirements.
How ASSERT's questions could be used by a business to better control its IT systems and to mitigate its security risks.
The ASSERT questions can be used by a business to carry out a step-by-step analysis and evaluation of all potential security loopholes in its IT systems, in order to initiate the appropriate mitigation procedures prescribed by the same ASSERT guidelines.
E-Government Act. (2002). Management and promotion of electronic Government Services.
Best, R. (2007). Open Source Intelligence (OSINT): Issues for Congress.
Cisco (2007). FISMA Compliance: Mapping National Institute of Standards and Technology (NIST) Controls to Cisco Security Solutions.
CSR (2004). Critical Infrastructure and Key Assets: Definition and Identification.
CSS (2008). Open Source Intelligence: A strategic enabler of national security. CSS Analyses in Security Policy.
Government Accountability Office (2005a). Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements.
Government Accountability Office (2005b). Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems. GAO-05-231. Washington, D.C.: May 13, 2005.
Ibid, p. 65.
Intelligence Community (2006). Directive Number 301 and P.L. 109-163, Sec. 931.
Kahler and DeBlois (2003). EDUCAUSE, NIH, and Identrus Demonstrate PKI Interoperability Between the Federal Government and Higher Education.
Lowenthal, M. (2003). Intelligence, From Secrets to Policy, Second Edition. CQ Press (Washington, D.C.), p. 79.
Office of the Inspector General (2003). Multi-component audits, reviews and investigations. http://www.justice.gov/oig/semiannual/0311/multi.htm
Sands, A. (2005). "Integrating Open Sources into Transnational Threat Assessments," in Jennifer E. Sims and Burton Gerber, Transforming U.S. Intelligence (Washington: Georgetown University Press), p. 65.
Vaughan, R. and Pollard, R. (1984). Rebuilding America, Vol. I, Planning and Managing Public Works in the 1980s. Council of State Planning Agencies. Washington, DC. pp. 1-2.