Module 1 - Intro to Legal and Ethics Flashcards
Three aspects of securing a computer
balance between confidentiality, integrity, and availability.
Regulations
Combination of policies and laws
Demonstrate Compliance with Regulations Through…
Verification, validation, and reporting
3 Examples of legislation to protect financial investments in IS systems
- Clinger-Cohen Act
- E-Government Act
- FISMA
FISMA (acronym)
Federal Information System Management Act
E-Government Act (purpose)
promote:
- E-Government services
- use of the Internet and technology by U.S. citizens and government agencies
FISMA (implications)
- Title III of the E-Government Act
- introduces a series of controls and oversight to help secure government IS
- tactical decisions left up to individual agencies (result: each Federal agency and Department is at a different level of compliance through risk mitigation)
OMB Circular A-130 (background & result)
Office of Management and Budget
- built on the Computer Security Act of 1987
- ties budget review to compliance with information security controls
E-Government Act (Findings)
- use of computers and the Internet is rapidly transforming societal interactions and the relationships among citizens, businesses, and Government
- the Federal Government has had uneven success in applying technology to enhance functions and services
- most Government services have been developed and presented separately
Privacy Impact Assessments
Required by E-Gov Section 208 in order to:
- document and justify why PII is collected
- identify what type of PII is collected
- identify security plans to protect PII
FISMA (Purpose)
provide comprehensive framework for ensuring effectiveness of information security controls
Information Security (definition)
protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide: integrity confidentiality availability
national security system (definition)
any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency
Agency Director Responsibilities Under FISMA
1 - implementation of policies and guidelines on information security
2 - identify and provide information security protections commensurate with the risk
3 - coordinate the development of standards and guidelines under section 20 of the National Institute of Standards and Technology Act
4 - oversee agency compliance
5 - review at least annually and approve IS programs
6 - coordinate IS policies and procedures with management policies and procedures
7 - oversee the operation of the Federal information security incident center
8 - report to Congress on compliance
Evaluation Requirement (FISMA)
Each year, an independent evaluation of the information security program and practices is performed to determine their effectiveness.
OMB Circular A-130 (Appendix III) (Result)
established a minimum set of required controls for Federal Information Systems
Major Application (under OMB A-130)
An application that requires special attention to security due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application.
General Support System (Under OMB A-130)
An interconnected set of information resources under the same direct management control which shares common functionality.
OMB A-130 Responsibilities for DoC
Department of Commerce:
- develop standards and guidance
- review guidelines for training
- guidance in security planning
- cost-effective controls for interconnecting
- coordinate incident response activities
- evaluate new technologies for security vulnerabilities
OMB A-130 Responsibilities for DoD
OMB A-130 Responsibilities for DOJ
- guidance on legal remedies regarding security incidents
- pursue legal actions
OMB A-130 Responsibilities for GSA
- guidance on security considerations for acquisition
- facilitate contract vehicles
- provide security services