Module 1 - Intro to Legal and Ethics Flashcards
Three aspects of securing computer
balance between confidentiality, integrity, and availability.
Regulations
Combination of policies and laws
Demonstrate Compliance with Regulations Through…
Verification, validation, and reporting
3 Examples of legislation to protect financial investments in IS systems
Clinger-Cohen Act E-Government Act FISMA
FISMA (acronym)
Federal Information System Management Act
E-Government Act (purpose)
promote and use: - E-Government services - and use of Internet and technology by U.S. citizens and its government agencies
FISMA (implications)
- Title III of E-Government Act - intro. series of controls and oversight to help secure government IS. - Tactical decisions left up to individual agencies (result is each Federal agency and Department at various levels of compliance through risk mitigation)
OMB Circular A-130 (background & result)
Office of Management and Budget - built on Computer Security Act of 1987 - ties budget review to compliance with Info security controls.
E-Government Act (Findings)
- Use of computers and Internet rapidly transforming societal interactions and the relationships among citizen, businesses, and Government - Federal Gov. has had uneven success in applying technology to enhance functions and services - most Gov services have been developed and presented separately.
Privacy Impact Assessments
- Required by E-Gov Section 208 So as to : - document and justify why PII is collected - identify what type of PII collected - identify security plans to protect PII
FISMA (Purpose)
provide comprehensive framework for ensuring effectiveness of information security controls
Information Security (definition)
protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide: integrity confidentiality availability
national security system (definition)
any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency
Agency Director Responsibilities Under FISMA
1 - implementation of policies and guidelines on information security 2 -to identify and provide information security protections commensurate with the risk 3 -coordinating the development of standards and guidelines under section 20 of the National Institute of Standards and Technology Act 4 - overseeing agency compliance 5 - reviewing at least annually and approving IS programs 6 - coordinating IS policies and procedures with management policies and procedures 7 -overseeing the operation of the Federal information security incident center 8 - reporting to Congress on compliance
Evaluation Requirement (FISMA)
Each year - independent evaluation of the information security program and practices to determine effectiveness.
