FISMA Research Paper

During SDLC phase one, the initiation phase, “the need for a system is expressed and the purpose of the system is documented” (NIST, 2008). Some of the expected outcomes from this phase would be a project plan and schedule; system performance specifications outlining the operational requirements, system design documents, and a document that defines roles and responsibilities. The corresponding RMF step, security categorization, establishes the foundation for security standardization among information systems and provides a vital step towards integrating security into the information system (NIST, 2008). During this step, the type(s) of information processed by the information system are identified and the information system is categorized to determine the level of protection requirements to put in place. Some of the expected outputs of this step include a security project plan and schedule, documented system boundary, the system categorization, and the security roles and responsibilities. These two process steps are very similar except the focus of RMF is on information security related functions. In some cases, SDLC produces the expected outputs that RMF requires, and the security professionals only require a copy of the documentation for their records. For example, the system design document often depicts the system boundary. The reason this step is so critical is that it

As discussed earlier, if the Protect Domain is where the rubber meets the road, then the Information Protection Processes and Procedures Category is a system of highways and byways that help users and managers protect networks and resources. This

The increasing power and functionality of technology has increasingly invaded privacy and complicated security. Technology has made it possible for the government to

The purpose of this paper is to review State of Maryland information security program documentation and to determine the security standards used to create the program in order to protect confidentiality, integrity and availability of agency operations, organizational assets or individuals which is the main agenda of State of Maryland Department of information technology. We will also discuss about other standards that can be useful for the State of Maryland Information technology and compare and contrast the standards.

Congress had a substantial issue with that because NSA was forbidden from collecting any data on American citizens, and by charter, its mission was to surveil foreigners. The President’s directive was revised, denying the NSA the National Manager role. It was not until 1987 for Congress to pass a bill, assigning the National Bureau of Standards (now NIST), under the Department of Commerce, responsibility for developing standards and guidelines for the security of Federal computer systems, drawing upon technical

While many areas of the nation try to hang on in a stagnant economy, Texas is booming, including the DFW Metroplex. Frisco is an affluent suburb of Dallas, and is also experiencing a booming economy. The population is growing at a rate higher than ever before as people move in for jobs, the high quality of living, housing opportunities in Frisco, TX real estate, and its highly-ranked school districts. In fact, Frisco is ranked as number 1 in the fastest growing school district in Texas. Furthermore, the projected growth is expected to reach an additional 70,000 students within the next 5 years.

Government surveillance in the past was not a big threat due to the limitations on technology; however, in the current day, it has become an immense power for the government. Taylor, author of a book on Electronic Surveillance supports, "A generation ago, when records were tucked away on paper in manila folders, there was some assurance that such information wouldn 't be spread everywhere. Now, however, our life stories are available at the push of a button" (Taylor 111). With more and more Americans logging into social media cites and using text-messaging devices, the more providers of metadata the government has. In her journal “The Virtuous Spy: Privacy as an Ethical Limit”, Anita L. Allen, an expert on privacy law, writes, “Contemporary technologies of data collection make secret, privacy invading surveillance easy and nearly irresistible. For every technology of confidential personal communication…there are one or more counter-technologies of eavesdropping” (Allen 1). Being in the middle of the Digital Age, we have to be much more careful of the kinds of information we put in our digital devices.

The main goal of information security is to prevent the all network system from loss of confidentiality, integrity, and availability. All data and information transferred and stored on the DoD system will require encryption for protection of confidentiality.

Assess the adequacy and effectiveness of the organization’s IS security policy. In addition, assess whether the control requirements specified in the organization’s IS security standards adequately protect the information assets of the organization. At a minimum, the standards should specify the following controls and require them to be applicable to all information systems:

Federal Information Security Management Act- This act was passed in 2002 as part of the title 3 of the E-Government Act. Its purpose is to ensure that federal agencies protect their data. It gives specific responsibilities for federal agencies. They are responsible for protecting the system and data, complying with all elements of FISMA and integrating security in all processes.

The National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce, manages the Baldrige National Quality Program. NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. Through a network of technology extension centers and field offices serving all 50 states and Puerto Rico, NIST helps small- and medium-sized businesses access the information and expertise they need to improve their competitiveness in the global marketplace.

The heightened level of impact of data breaches on users necessitated emergence of state and federal laws mandating organizations to adhere to certain information security protocols. FERPA, HIPPA, GLBA, PCIDSS are few laws that requires organizations to draft and implement information security practices to protect the information at their disposal. Organizations started creating compliance teams and compliance programs to ensure their adherence and compliance with various laws and regulation.

“The American National Standards Institute (ANSI) was founded in 1918 and is headquartered in Washington, D.C., with an operational office in New York City. Its mission is “to enhance both the global competitiveness of U.S. business and the

Information classification assure confidentiality using a predefined measure to classify and handle information and whether it is allowed for distribution or not.

Designing a working plan for securing the organization s information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets.  A framework is the outline from which a more detailed blueprint evolves.  The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies.  The blueprint provides scaleable, upgradeable, and comprehensive security for the coming years.  The blueprint is used to plan the tasks to be accomplished and the order in which