Security Policy Evaluation



Security Policy Evaluation

Introduction

I have been hired as a new IT manager to work with the US Geological Survey. The organization serve the nation by providing the information to the people related to the well being of earth and environment. In order to provide reliable information to the people, it has become extremely critical for the organization to ensure the information security standards included in the Federal Information Security Management Act (FISMA) of USGS. The paper describes the major points of the security management policy, the role of federal Office of Management and Budget (OMB) in the compliance of information security legislation, the role of agencies such as National Institute of Standards and Technology (NIST) and National Security Agency (NSA) for USGS and other federal organizations. The paper also includes the guidelines for developing a risk management framework which would help in USGS certification and accreditation procedures.

Effects of the Federal Information Security Management Act (FISMA) of 2002 on the USGS

Over the past few years, as the use of computers and internet have become more common, various security threats have arisen for the organizations. The organization's information systems are now highly vulnerable to security threats both from internal and external sources; in order to maintain the information security of the federal agencies, US government has designed an act for embedding security aspect into the information technology infrastructure of such agencies.

This act mainly focuses on highlighting the importance of information security for the federal and economic organizations of the country. The major requirement of this act is that each organization or federal agency should develop, document, practice and maintain an information security policy (NIST, 2012). The major points covered by the FISMA act affect all the federal agencies, which are liable for following the information security legislations. In the following, we analyze that how the major points of FISMA affect the USGS.

The policy requires all the federal organizations to review their security policy, possible risks, and possible harms. Due to this requirement, the USGS network department has to ensure periodic checking of all the information system resources, security policies, the vulnerabilities in the system. This point definitely affects the information system infrastructure of USGS, as due to the periodic investigation, it becomes more challenging for the hackers, intruders, viruses or malware to breach the security of the system. Thus, the organization's data become saved from the unauthorized access, intrusions, and modifications. Also, the probability of destruction of organization's information or information systems reduces significantly.

As the policies and procedures are to e designed depending on the results of risk assessment procedures (according to the requirement of FISMA act), the cost of implementing security measures significantly reduces. Thus, USGS become able to spend the amount on some other cause, instead of spending in fighting against the security breach attempts, or implementing the unnecessary security infrastructure.

The entire organization is not required to implement a similar information security policy; instead subordinate plans may be used for different departments, networks or group of ...