VA Cyber Security Research Paper

1279 Words | Mar 9, 2013 | 6 Pages
Department of Veterans Affairs Security Profile

1. Preface

This security profile of the Department of Veterans Affairs (VA) is based on two documents of public record. The first is the published VA Handbook 6500 (VAH 6500), which defined policy and procedures for systems within the purview of the VA (Department of Veterans Affairs, 2007). The second document is the Federal Information Security Management Act Assessment for FY 2011, commissioned by the VA Office of Inspector General (OIG) and performed by Ernst & Young in accordance with Federal Information Security Management Act (FISMA) guidelines (VA Office of Inspector General, 2012, p. i).

2. Identification of Controls

This security profile presents one control function…
4.3. Implementation Impact

The OIG 2011 FISMA Assessment indicates that “FISMA Section 3544 requires establishing policies and procedures to ensure information security is addressed throughout the life cycle of each agency information system” (VA Office of Inspector General, 2012, p. 9). Based on the lack of consistency in the use of SDLC and change control, major security risks may go unnoticed.

4. Operational Controls

Operational controls focus on techniques and procedures put in place by Information Technology staff or systems managers. The purpose is to increase security and provide deterrence via system controls.

5.4. VAH6500 Section 6.b.(11) Security Training, Education, and Awareness

VAH6500 provides a concise policy which states that any individuals who access sensitive information or systems must complete annual security training. Key persons with “significant” roles must attend additional training. All training is monitored for completeness. Policy indicates that security training must be completed before employees can use systems.

5.5. Implementation Assessment

Policy indicates that fourteen key pieces of information must be covered before an individual is allowed to begin work. This training must also be refreshed annually. The tracking of this information is the responsibility of the local ISO (Department of Veterans