Information System Security Plans For Information Systems

1.1Security CategorizationUsing either FIPS 199 or CNSS 1253, categorize the information system. The completed categorization should be included in the security plan.

This policy provides a framework for the management of information security throughout Cañar Networking organization. It applies to:

internal and external users to whom access to the organization’s network, data or other sensitive

This policy establishes the guidelines that the organization follows. This would include an acceptable use policy, an authentication policy, and an incident response policy (“The IT Security Policy Guide”, n.d., pg. 6). This policy will reflect the entire organizations security posture, not just the IT department ideas. A strong policy will help employees understand what is expected of them, and explain to customers how their information is protected.

“The Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official series of publications relating to standards and guidelines adopted and promulgated under the provisions of Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106) and the Federal Information Security Management Act of 2002 (Public Law 107-347)” ("FIPS PUB 199," 2004). In this paper, FIPS PUB 199 has been chosen as the security standard used by State of Maryland Department of information technology. This standard addresses to develop standards for categorizing information and information systems. On the other hand, ISO/IEC 27001 is the other standard not used by State of Maryland which has been discussed as a contrast standard.

Another step involves security checks upon implementation and describes agency-level threat to the business scenario or the mission. It similarly entails sanctioning the information system for processing and lastly constant monitoring of the security controls. FISMA and NIST's standards are aimed at offering the ways for agencies to achieve their identified missions with safety commensurate with the threat (United States Department of Agriculture, 2015). Together with guidelines from the Office of Management and Budget (OMB), FISMA and NIST create a framework for advancing and growing an information security scheme (SecureIT, 2008). Such framework includes control descriptions and evaluation, program development, and system certification and accreditation. The final objective involves conducting daily functioning of the agency and achieving the agency's articulated objectives with sufficient security commensurate with risk.

Other security elements are in reference to data recovery, database administration, handling a breach in security and administrative security policies such as access procedure, employee transfer and excessive user access. As I assume the role of the chief security officer, database designer, database administrator, and chief applications designer this project is very important to the armed services and the Virgin Islands National Guard as we strive to provide global security.

Sadly, there is no way to alleviate the numerous amounts of threats that haunt networks and computers worldwide. The foundation and framework for choosing and implementing countermeasures against them are very important. A written policy is vital in helping to insure that everyone within the organization understands and behaves in an appropriate manner with regards to the fact that sensitive data and the security of software should be kept safe.

Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level of protection. Access controls are put in place to protect information by controlling who has the rights to use different information resources and by guarding against unauthorised use. Formal procedures must control how access to information is granted and how such access is changed. This policy also mandates a standard for the creation of strong passwords, their protection and frequency of change.

UnitedLex recognizes that to be a successful company they need to be able to promise a secure environment for their employees and their customers. This safety applies to all technical systems and the information stored, processed, or transmitted within these assets. This document covers many different Information Systems Security Policies to provide guidance on what is authorized and prohibited use on several systems. Each ISSP will explain their purpose, intended audience and who is responsible for managing the systems.

Through the Federal Information Security Management ACT (FISMA) it was made mandatory that organizations would have to develop standards that would be in compliance with federal regulations that were put into place. Because of this the Federal Information Processing Standards Publication (FIPS) 199 and FIPS 200 were put into place in order to establish a set of standards for organizations so that they could determine what their category would be for their systems (NIST, 2012). In order to enforce the security categories from FIPS-200, the NIST SP 800-53 would be utilized in order to set in place a security control

A security administrator can look to the Information Technology- Code of Practice for Information Security Management, ISO 17799/BS 7799 as well as ISO 17799/BS 7799, the NIST Security Models including the SP 800-12, 14, 18, 26, and 30, and the VISA International Security Model are just a few of the established security frameworks available.

• Design of security solutions for information systems and environments of operation including selection of security controls, information

Successful security plans include evaluation of data sensitivity, integrity, confidentiality, and date availability. System confidentiality assures that all data in the system is protected from disclosure to unauthorized processes, people, or devices. System integrity insures that company’s data is protected from unanticipated/unauthorized, or unintentional destruction (or modification). System availability provides assurance that data, services, and IT system resources are accessible to all system-related processes and authorized users on a reliable and timely basis, while protected from denial of service (Assessing the Security of Federal IT Systems, 2007).

Restrict Department users from storing high sensitivity data including but not limited to personal information on removable media (i.e., USB thumb drives, flash drives, compact discs, tapes) unless specifically directed to do so as part of their job function and authorized by Department management.