Thursday, September 26, 2019

Project 3 Information System Security Plans Research Paper

Project 3 Information System Security Plans - Research Paper Example Then, with todays rapidly changing political, economic, and importantly technical environment increasing the threat for the federal agencies, it becomes paramount for those agencies to adopt a strong security plan. In that direction, the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has developed guidelines on the ways to formulate and adopt a security plan. â€Å"NIST SP 800-53 contains the management, operational, and technical safeguards or countermeasures prescribed for an information system† (Swanson, Hash & Bowen, 2006). Among the various parts of the NIST’ security plan, the focus will be on the four sections of General Description, System Environment, Laws, regulations, and policies, and finally Security Control Selection. So, when a federal agency like Department of Defense (DoD) adopts a security plan, these four sections can contribute optimally to the process and so the discussion will about why are thes e sections are important and how they can be applied in DoD. All federal agencies or systems including DoD reflect some to extreme level of sensitivity and because of that it requires protection for its physical IS system and its virtual data as part of secured and good management practice. In that direction, DoD adopted a risk-focused security plan and guidelines of NIST in 2014 after dropping its longstanding DoD Information Assurance Certification and Accreditation Process (DIACAP). DoD transitioned to NIST considering its effectiveness, in-depth focus and at the same user-friendly nature. â€Å"The NIST library of security controls (in NIST publication 800-53 Rev. 4), currently in use at most civilian agencies, are much larger and the controls more granular, yet easier to understand and implement, than DIACAP, say those familiar with both methods†

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.