Information Assurance Certification And Accreditation Process

The Cisco 2014 Midyear Security Report estimates there will be 50 billion things on the Internet by 2020. Combine this with the 91% increase in targeted attacks, the 62% increase in data breaches, and the 552M identities compromised in 2013, as reported by Symantec in its 2014 Internet Security Threat Report, and visions of cyber security chaos begin to appear. The scope of this paper cannot cover the cyber security threat to the entire Internet, or a topic as broad as the cyber security threat in general. The intent of this paper is to narrow the subject to cyber security threat assessment in the U.S. Department of Defense. Threat assessment is a necessary activity in DOD cyber security. Both the Defense Information Assurance Certification and Accreditation Process (DIACAP) and its replacement, the DOD Risk Management Framework (RMF), include steps for threat assessment. There are multiple detailed processes for conducting threat assessment, such as the one from the National Institute of Standards and Technology (NIST) (2012). These processes clearly illustrate the need for cyber security threat assessment, but the United States Government Accountability Office (GAO) (2011) suggests that DOD is not yet prepared to address the cyber security threat, stating that DOD is too large and complex. Meanwhile, the United States Government Accountability Office (2011) reports that, according to U.S. Strategic Command, DOD is experiencing a cyber security storm, with threat actors compromising DOD systems to achieve their goals. Department