Case Study on "Automating Compliance With Federal Information Security Requirements"

Case Study 9 pages (2485 words) Sources: 1

[EXCERPT] . . . .

Automating Compliance With Federal Information Security Requirements

In this paper we present a discussion on a case study regarding SRA International, Inc. which is a corporation that provides the federal government with information technology (IT) solutions at various levels such as national security, health care, civil government and public health sector with various information technology (IT) solutions. Our aim is to study the way in which the firm adapts and responds to the automation compliances with regards to the Federal Information Security (IS) requirements. Our attention is on the dynamics and procedures that the firm puts in place in order for it to ensure maximum compliance levels with the laid down standards of compliances by the homeland security. We begin by an analysis of the reasons why SRA made a decision to work with the federal government departments as well as agencies and the advantages attached to that move. We also evaluate what open source intelligence is and its relationship with the national security. Later on we evaluate what critical infrastructures with a listing of relevant examples. The importance of improved interoperability between the various federal agencies and the national security agencies is also evaluated. Other issues such as the need for legal regulations as well as guidance are also evaluated. The overall goal is to highlight the various complexities that are involved in complying with the security regulations in the federal government information systems.

Introduction

The importance of the SRA International, Inc. To the people of the United States of America cannot be overemphasized. Its role of the providing the federal government with information technology (IT) solutions at various levels such as national security, health care, civil government and public health sector with various information technology (IT) solutions. I think that SRA made a decision to work with the federal government departments as well as agencies as a result of various reasons. The main one of which are:

Federal government is a good business partner since it is guided by strict regulations mandated by the senate itself. This therefore means that chances of fraud and even contract breaches are minimal.

The Federal government and other agencies are under it are never likely to run bankrupt in the near future. This therefore brings about assurance and hence the trust needed in finishing of deals with the chosen partner

As an American firm, I think they felt the patriotic need to engage in active duty of defending the nation's assets and its citizens from any form of external aggression.

This move has been a good strategy by RSA since it is assured of its future profits and customer base. The fact that the company deals with too much classified information also means that it always stays ahead of its competing partners who might be interested in providing the same services as they do.

As we proceed to analyze the security regulations in the federal government information systems that are developed and maintained by RSA, it is important to ensure that we understand some of the ground breaking technologies are employed in order to gain intelligence and counterintelligences from various sources. This therefore leads us to the definition and analysis of open source intelligences.

Open source intelligence

There are various definition of the term open source intelligence. Open source intelligence is made up of information that is considered unclassified. It may also be used to refer to information that originates from certain overt and non-clandestine / non screw sources (Best,2007).However other organizations such as the Intelligennce Community uses the term to refer to information that is otherwise available to the general public and can be obtained in a lawful manner upon due request, observation or purchase (2006).It is therefore important to ensure that the acquisition of open source intelligence be in conformity with the extant copyright regulations and requirements.

Categories of open source intelligence as outlined by Sands (2005)

Widely available data/information

Targeted commercial data/information

Individual experts

Gray literature-made up of written information that is generated by various private sector, the government as well as academe. This category is characterized by limited availability as a result of very few copies that are produced or due to the nature of existence of the material being unknown to a large extent. Constrained access also marks this category (Ibid).

Open source information includes but is not limited to the following:

Newspapers, radio, television, magazines as well as other forms of computer-based data

Information / data that is from the government and availed to the general public. These are items like government reports and other forms of official data like legislative debates, speeches, hearings as well as budgets and demographics.

Information from various professional as well as academic sources that are presented in conferences, professional associations, symposia, academic papers, theses, dissertations and other expert materials (Lowenthal,2003)

Commercial data such as imagery

The relationship between open source intelligence, national security, and text and data mining software

Open Source Intelligence (OSINT) is a good enabler of national security as pointed out by CSS (2008).The benefits of OSINT to the national security are numerous. The fact that the cost of using OSINT is minimal is of great importance. This makes it best for data collection as it is less expensive than collecting of information through classified methods. The various high end imagery available from Google Earth are agood example of open source intelligence. They eliminate the need to invest in very expensive satellite equipment and installations. The information gathered can also be used appropriately in relaying to the general public regarding serious threats to the national security.

Businesses and open source intelligence

It is important to note that open source intelligence is of great importance to various businesses. This is despite the fact that the information is unclassified. The information is considered as proprietary to the company since it usually contain financially sensitive information which is bound by law and has the potential of causing serious personally damages (Ibid)

Critical infrastructure

The definition of critical infrastructure has for some time undergone certain major changes. The U.S. public policy's definition has often been both evolutionary while being ambiguous at the same time (CSR, 2004).The debate is however concentrated around the adequacy of the public resources which have for a while been observed as deteriorating and insufficient. The definition of critical infrastructure can be derived from the report forwarded by Council of State Planning Agencies which defines infrastructure as constituted of a Public buildingswide set of public facilities as well as equipment that are required in order to provide various social services as well as support to the many economic activities that take place in the private sectors of the economy. The facilities and equipment include the following (Vaughan and Pollard,1984)

Roads

Bridges

Bridge

Water and sewer systems

Ports

Airports

Buildings

Schools

Jails

Health facilities

Electric Power systems

Waste disposal

Communication equipment

Improved interoperability between federal agency systems necessary for national security purposes

Interoperability refers to ease with why system components can exchange information between each other with minimal disruption of the system performance. This quality is crucial to the federal agency system of operation since it is important that national security be guaranteed. The system can achieve this by pooling of data and information in a centralized database then offering information sharing functionality between various federal agencies. This is usually through the use of items such as the Public key Infrastructure (PKI) to enable interoperability of various government transaction and operations as is demonstrated by Kahler and DeBlois (2003). The advantages include:

The faster movement of government transactions

The faster detection of fraud in the federal systems perpetrated by citizens and non-residents

The improvement of efficiency and response times of the entire federal agency systems

Allows for an almost real time monitoring of various critical infrastructure across the nation and therefore ensures that the national security risks are quickly detected

Allows for the detection of various anomalies such as disease outbreaks and other forms of national disasters and provides data that can be analyzed in order to come up with fast/emergency disaster management plans

FISMA replaced the Government Information Security Reform Act (GISRA). Provide an overview of GISRA. Do you think that there are significant differences between FISMA and GISRA?

Overview of GISRA

The Government Information Security Reform Act (GISRA) was formerly referred to as Thompson-Liebermann Act. GISRA is a federal law that calls for the various U.S. government agencies to come up with an implementation of information security program that comprises of the planning, assessment and the protection of the program. It was enacted in 2002.It was however replaced by Federal Information Security Management Act (FISMA) in the same year.

Roles

GIRMA requires all federal agencies to perform risk management of various non-classified systems (open intelligence systems) as well as to develop and implement various security policies. The Act also requires the implementation of certain security policies as well as procedures for data. It also requires the developing of processes that are used in fixing of various security vulnerabilities… READ MORE

How to Reference "Automating Compliance With Federal Information Security Requirements" Case Study in a Bibliography

Related Papers:

Security Policy Dr. Fossett's Dental Office Term Paper

Security Policy of a Dental Office

Information Technology Security for XYZ's Dental Office will be achieved by implementing these controls, policies, procedures and standards. This approved Security policy reflects the… read more

Term Paper 3 pages (1254 words) Sources: 0 Topic: Computers / IT / Internet

---

Security Issues of Online Communities Term Paper

Security Issues of Online Communities

Online communities have emerged in recent years as a result of the rapid growth of the Internet, arousing intrigue in citizens, policy-makers and government officials.… read more

Term Paper 60 pages (15576 words) Sources: 1+ Topic: Computers / IT / Internet

---

Automated Banking in Our Future Term Paper

Automated Banking in Our Future

Privacy's advent in the technological era

Information technology (it) has changed and modified life throughout the world. In fact, it has redefined "the world." Neighbors… read more

Term Paper 15 pages (3877 words) Sources: 1+ Topic: Computers / IT / Internet

---

Federal Reserve System Term Paper

Federal Reserve System more commonly known as the Federal Reserve or simply 'the Fed' functions as the Central Bank of United States. It was established by the Congress in 1913… read more

Term Paper 7 pages (2752 words) Sources: 1+ Topic: Economics / Finance / Banking

---

Cloud Computing and Data Security Term Paper

Cloud Computing and Data Security

Cloud computing service providers have made their systems so inexpensive to use and easy to access, that there is little reason that companies should not… read more

Term Paper 18 pages (5196 words) Sources: 15 Topic: Computers / IT / Internet

---

View 100+ more related papers  >>