Information security across federal agencies : analysis of adequacy and effectiveness / Shane Palmer, editor.
- Format:
- Book
- Series:
- American political, economic, and security issues series.
- American Political, Economic, and Security Issues
- Language:
- English
- Subjects (All):
- Cyber intelligence (Computer security)--United States.
- Cyber intelligence (Computer security).
- Physical Description:
- 1 online resource (89 p.)
- Place of Publication:
- New York, [New York] : Novinka, 2016.
- Summary:
- Persistent weaknesses at 24 federal agencies illustrate the challenges they face in effectively applying information security policies and practices. Most agencies continue to have weaknesses in (1) limiting, preventing, and detecting inappropriate access to computer resources; (2) managing the configuration of software and hardware; (3) segregating duties to ensure that a single individual does not have control over all key aspects of a computer-related operation; (4) planning for continuity of operations in the event of a disaster or disruption; and (5) implementing agency-wide security management programs that are critical to identifying control deficiencies, resolving problems, and managing risks on an ongoing basis. These deficiencies place critical information and information systems used to support the operations, assets, and personnel of federal agencies at risk, and can impair agencies' efforts to fully implement effective information security programs. This book provides an analysis on the adequacy and effectiveness of agencies' information security policies and practices; and agencies' implementation of the Federal Information Security Management Act of 2002 (FISMA) requirements.
- Contents:
- INFORMATION SECURITY ACROSS FEDERAL AGENCIES ANALYSIS OF ADEQUACY AND EFFECTIVENESS ; CONTENTS ; PREFACE ; Chapter 1 FEDERAL INFORMATION SECURITY: AGENCIES NEED TO CORRECT WEAKNESSES AND FULLY IMPLEMENT SECURITY PROGRAMS* ; WHY GAO DID THIS STUDY ; WHAT GAO RECOMMENDS ; WHAT GAO FOUND ; ABBREVIATIONS ; BACKGROUND ; New FISMA Requirements Clarify Roles and Responsibilities ; CONTINUED WEAKNESSES PLACE FEDERAL AGENCIES' INFORMATION AND INFORMATION SYSTEMS AT RISK
- Number of Incidents Reported by Federal Agencies Continues to Increase ; Cybersecurity Deficiencies Continue to Place Systems at Risk ; Agencies Exhibited Weaknesses in All Major Categories of Controls ; Most Agencies Had Weaknesses in Access Controls ; Agencies Did Not Fully Implement Controls for Configuration Management ; More Than Half of the Agencies Did Not Segregate Incompatible Duties ; Agencies Had Weaknesses in Continuity of Operations ; Agencies Did Not Effectively Manage Security ; We and Inspectors General Recommended Actions to Strengthen Information Security
- Federal Efforts Are Underway to Improve Security ; Cybersecurity Cross-Agency Priority Goals ; The National Cybersecurity Protection System (NCPS) ; The Continuous Diagnostics and Mitigation (CDM) Program ; The National Initiative for Cybersecurity Education (NICE) ; The Federal Risk and Authorization Management Program (FedRAMP) ; The Cyber and National Security Team (E-Gov Cyber) ; The 30-Day Cybersecurity Sprint ; AGENCIES' IMPLEMENTATION OF FISMA 2002 REQUIREMENTS WAS MIXED ; More Agencies Implemented Risk Management Activities ; Most Agencies Had Documented Policies and Procedures
- Number of Agencies with Sufficient Security Planning Decreased ; Number of Agencies Providing Sufficient Security Awareness Decreased and the Percentage of Personnel Receiving Specialized Training Decreased ; Fewer Agencies Are Periodically Testing and Continuously Monitoring Controls ; Increasing Number of Agencies are Generally Implementing Elements of a Remediation Program, but Weaknesses Remain ; Agencies' Efforts to Implement Incident Response and Reporting Varied ; Fewer Agencies Had Adequate Contingency Plans
- Agencies Reported Operating Fewer Systems and Relying More on Contractor-Operated Systems ; More Agencies Implemented Privacy Requirements ; Amount of Spending on Information Security Varied Among Agencies ; NIST Continues to Provide FISMA-Related Guidance to Agencies ; Inspectors General Report on Agency Implementation of FISMA ; OMB and DHS Continue Actions, but Opportunities Remain for Improving Annual Reporting of Agency Information Security Programs ; Guidance for Reporting Agency Evaluations Was Not always Complete ; CONCLUSION ; RECOMMENDATION FOR EXECUTIVE ACTION
- AGENCY COMMENTS AND OUR EVALUATION
- Notes:
- Includes index.
- Description based on online resource; title from PDF title page (ebrary, viewed September 3, 2016).
- ISBN:
- 1-63484-953-1