Federal Information Security Management Act (F.I.S.M.A.)
As government agencies began to realize that their corporate and customer information was not as private and as safe as they had advertised, they called upon the National Institute of Standards and Technology (NIST) to construct a set of guidelines to control and protect information security. The growing need to safeguard such information caused agencies, particularly government agencies, to seek assistance collectively to avoid the escalation of security breaches.
A September 2000 Report to the Chairman, Subcommittee on Government Management, Information and Technology, Committee on Government Reform, House of Representatives, titled "Information Security: Serious and Widespread Weaknesses Persist at Federal Agencies," concluded the following:
Evaluations of computer security published since July 1999 continue to show that federal computer security is fraught with weaknesses and that, as a result, critical operations and assets continue to be at risk. As in 1998, our current analysis identified significant weaknesses in each of the 24 agencies covered by our review. Since July 1999, the range of weaknesses in individual agencies has broadened, at least in part because the scope of audits being performed is more comprehensive than in prior years. While these audits are providing a more complete picture of the security problems agencies face, they also show that agencies have much work to do to ensure that their security programs are
The purpose of this paper is to research and evaluate the legislative drivers for the information security programs of the State of Maryland, in order to improve the information security policy so that new amendments in legislation prevent loss of the confidentiality, integrity and availability of agency operations, organizational assets or individuals. This paper elaborates the objectives of five proposals that would impact the information security policy of the State of Maryland upon becoming legislation.
There are six U.S.-based compliance laws to date. These are the Federal Information Security Management Act (FISMA) of 2002, the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Gramm-Leach-Bliley Act (GLBA) of 1999, the Sarbanes-Oxley Act (SOX) of 2002, the Family Educational Rights and Privacy Act (FERPA) of 1974, and the Children’s Internet Protection Act (CIPA) of 2000. The two I will discuss are:
Homeland Security is the intersection of evolving threats and hazards with traditional government and its responsibilities for civil defense, emergency response, law enforcement, customs, border control and immigration. Moreover, the term “enterprise” refers to a national effort: the collective efforts and shared responsibilities of federal, state, local, tribal, territorial, nongovernmental and private-sector partners as well as individuals (U.S. Department of Homeland Security, 2010). Since the creation of the Department of Homeland Security, the concept of National Intelligence was arranged by the Intelligence Reform and Terrorism Prevention Act of 2004. As that was formulated, the intelligence community (IC) was known to be more coordinated and effective. The Act also made possible the integration of the domestic and foreign dimensions of U.S. intelligence, to eliminate gaps in understanding national security threats. This also brought about the mission of the Department of Homeland Security and the future capabilities of the department (Noftsinger, 2007).
The security plan is formulated to protect information and important resources from a wide variety of potential threats. This will promote business continuity, reduce business risks and increase the return on investment together with business opportunities. The security of information technology is attained by executing a suitable set of controls: efficient policies, processes, organizational structures, software and hardware. These controls ought to be formulated, put into action, assessed, analyzed and developed for productivity, where necessary. This will allow the explicit security and business objectives of the United States Department of Health and Human Services to be accomplished (Easttom, 2006, p.32).
The security and authorization control family is focused on the creation and maintenance of a security plan. Through this plan, the agency identifies the individuals responsible for its information systems, develops plans and how to implement them, and sets goals that help it meet the overall goal of its security program.
When an agency receives a low grade, the agency’s CIO may have to explain to Congress what is going on with the agency, and the Office of Management and Budget (OMB) may delay or even cancel funding to the agency. FISMA was created under Title III of the E-Government Act of 2002. This act requires federal agencies to give the public access to various government agencies’ systems and data. Each agency must implement the policies and all of the procedures and make sure that they cost-effectively reduce IT security risk to an acceptable level. The IRS IT system challenge: provide the desired level of public access while keeping data confidential. Federal agency security managers spend approximately 45 percent of their time on compliance issues; managers with budgets of more than 10 million to spend devote 27 percent of their time to compliance issues. The NIST Computer Security Division has proposed the following nine-step process for increasing the security of federal agency IT systems. These are the nine steps to achieving FISMA
The Department of Defense (DoD) is America's oldest and largest government agency, with military traces dating back to pre-Revolutionary times. The Department of Defense has since grown and evolved with the nation, becoming the nation’s largest employer with over 1.4 million active duty soldiers, 1.1 million National Guard and Reserve forces, and 718,000 civilian personnel. Such a huge organization comes with a huge network and security infrastructure, and with the burden of protecting the information transferred or stored on that network. This means information is a strategic asset to the Department of Defense; it is therefore the goal of this security policy to provide guidelines for implementing
Assessments are used to determine whether sufficient security is being applied to protect federal data. These requirements are put in place to identify vulnerabilities within the information security infrastructure. An assessment rates the potential weak points that a vulnerability, if found, could cause, and a plan of action must be developed and executed to address found vulnerabilities so that the desired security standards are met. System administrators are obligated to assist their higher levels with assessment findings and suggestions on how to improve the information system infrastructure. Scanning the system infrastructure is one of many modes used to assess the strength of information security. Several software products, such as QualysGuard, have been designed to scan system architecture. QualysGuard is an automated suite that simplifies information security measures by rendering critical security intelligence. The suite offers full protection of all information security systems, auditing, and compliance assessments. Accrediting and
For an entity that manages, uses and stores private and sensitive data such as personal identification, health records, billing transaction data and company confidential information, the current state of the network security does not comply with federal and state regulations on privacy and on safeguarding the confidentiality, integrity and availability of the data.
While all of these technologies have enabled exciting changes and opportunities for businesses, they have also created a unique set of challenges for business managers. Chief among all concerns about technology is the issue of information security. It seems to be almost a weekly occurrence to see a news article about yet another breach of security and loss of sensitive data. Many people will remember high-profile data breaches at companies such as T.J. Maxx, Boston Market, Sports Authority, and OfficeMax. In the case of T.J. Maxx, a data breach resulted in the loss of more than 45 million credit and debit card numbers. In many of these incidents, the root cause is a lack of adequate security practices within the company. The same technologies that enable managers can also be used against them. Because of this, businesses must take appropriate steps to ensure their data remains secure and their communications remain
Today’s Government faces many challenges when it comes to Information Assurance compliance. The Government is faced with the impossible task of unifying all systems and ensuring that they meet all mission needs. This paper will include an analysis of cybersecurity metrics as well as a governmental policy framework. I will discuss some cybersecurity strategies, frameworks, workplace threats caused by modern-day technology, and at least one government’s strategic perspective as it relates to its methodology of what a cybersecurity policy should be.
On average, 2% a year of personal records are exposed through over 700 public breaches across all areas of the departmentalized sectors. The global cost per lost or stolen record containing secret and sensitive information averages over $100. There were 35% more security incidents detected within the last
The government needs to take greater steps to protect and secure government information from foreign cyber-attacks.
The Federal Government needs to create information systems that are more effectively shielded in order to protect its assets and resources at home. The foundation of any mandated cybersecurity strategy that secures our nation’s national security must incorporate worldwide and state and local threats, whether targeted at the federal government or at private-sector forces. The OPM breach highlighted the insufficient and inconsistent security approaches the federal government has already used in modernizing the existing cybersecurity policies. There is a requirement for the United States government to institute policies that would incorporate and implement new government cybersecurity structures and centralize the protection of its assets to avert future breaches (Source). Examining the inadequacies in the current national cybersecurity policies and regulations is disappointing; OPM’s choice to implement these mechanisms and the current authoritative propositions on cybersecurity must change immediately. It was reported that OPM spent only $2 million in 2015 to avert pernicious digital assaults, while the Department of Agriculture spent $39 million. The Department of Commerce, Department of Education, and Department of Labor likewise invested more money in cybersecurity resources than the Office of Personnel Management. The Small Business Administration devoted a similar amount to cybersecurity as OPM for recognizing, examining, and alleviating any cyber breaches; however