Slide 1: NLRB: Information Security & FISMA
Daniel Wood, Chief IT Security
February 19, 2004
Slide 2: CIO Centers of Influence
Dependent functions (cooperation by all is required for full compliance in any one of them):
- Information & Asset Management
- Financial Management
- Risk Management
- IT Alignment & Planning
Governing authorities: OMB $ Requests (OMB A-11), CIO Council, Clinger-Cohen, OMB A-130 (IS Segment), FFMIA, FMFIA, E-Authentication, PDD 63 & 67, HSPD-7, NIST, FISMA*, PMA
* Replaces security elements of Computer Act of 1987, GPRA and GISRA
Slide 3: Big Picture
Presidential Management Agenda -> E-Government Act -> Federal Information Security Management Act
Security program elements: C&A, CIRT, SATE, PM Assessments, CIP, EA (IS), Capital Planning, Patch Mgmt, System & Program POA&Ms, Asset Inventory, Security Program

PMA: Government should be citizen-centered, results-oriented, and market-based. 1) Strategic management of human capital; 2) Budget and performance integration; 3) Competitive sourcing; 4) Electronic-Government; 5) Improved financial management. Effective implementation of E-Government is important in making Government more responsive and cost-effective.

E-Gov: To enhance the management and promotion of electronic Government services and processes by establishing a Federal CIO within the OMB, and by establishing a broad framework of measures … to enhance citizen access to Government information and services….

FISMA (Title III of E-Gov): A comprehensive framework for ensuring the effectiveness of IS controls over information resources; recognizes the highly networked nature of the Federal computing environment; sets the minimum controls required to protect Federal information security and information system security.
Slide 4: FISMA Reporting Roles & Responsibilities
Head of Agency:
- Ensure integration of security management processes
- Ensure senior officials provide security information for operations & assets
- Ensure personnel are trained in compliance with the mandate
- Ensure the CIO reports annually on the IS program's effectiveness
CIO:
- Designates a Senior Agency Information Security Officer to carry out security responsibilities
- Ensures senior management support
- Reports to the Head of Agency on the IS program's performance
CISO (Senior Agency Information Security Officer):
- Heads the IS program office with the mission and resources to ensure agency compliance with FISMA
- Develops & maintains policy, procedures and techniques to address requirements
- Trains & oversees Information Security personnel
- Assists senior agency officials concerning their responsibilities
Slide 5: Head of Agency*
1. Establish goals to improve efficiency & effectiveness of operations through IT
2. Prepare an annual report on the progress in achieving the goals
3. Ensure that IT performance measurements are prescribed for use and for how well programs are supported
4. Quantitatively benchmark process performance in terms of cost, speed, productivity, and quality of outputs and outcomes
5. Analyze and revise the mission-related processes before making significant IT investments
6. Ensure that the information security policies, procedures, and practices are adequate
7. Designate a Chief Information Officer
In consultation with the CIO and CFO, establish policies and procedures that--
1. Ensure the accounting, financial, and asset management systems and other information systems of the executive agency are designed, developed, maintained, and used effectively to provide financial or program performance data for financial statements of the executive agency
2. Ensure that financial and related program performance data are provided on a reliable, consistent, and timely basis to executive agency financial management systems
3. Ensure that financial statements support assessments and revisions of mission-related processes and administrative processes, and performance measurements that evaluate investments made in information systems
* Clinger-Cohen
Slide 6: Chief Information Officer*
1. Provide advice and other assistance to the Head of the Agency and other senior management personnel to ensure that IT is acquired and information resources are managed in compliance with policies and procedures and the agency's priorities
2. Develop, maintain, and facilitate the implementation of a sound and integrated IT architecture
3. Promote the effective and efficient design and operation of all major IRM processes, including improvements to work processes
4. Have IRM duties as that official's primary duty
5. Monitor the performance of IT programs of the agency, evaluate the performance of those programs on the basis of performance measurements, and advise the head of agency regarding whether to continue, modify, or terminate a program or project
6. Annually, as part of the strategic planning and performance evaluation process:
   1. Assess requirements regarding IRM knowledge and skill and the adequacy of such requirements for achieving IRM performance goals
   2. Assess the extent to which the positions and personnel meet requirements
   3. Develop strategies and specific plans for hiring, training, and professional development
   4. Report to the head of the agency on progress made in improving IRM capability
7. Designate a senior agency information security officer
* Clinger-Cohen
Slide 7: SAISO (aka Chief of Info Security)*
The designated senior agency information security officer shall--
- Carry out the CIO's security responsibilities
- Possess information security professional qualifications, including training and experience
- Have information security duties as that official's primary duty
- Head an office with the mission and resources to ensure FISMA compliance
- Develop and maintain an agency-wide information security program
- Develop and maintain IS policies, procedures, and controls to address all requirements
- Train and oversee personnel with significant IS responsibilities
- Assist senior agency officials concerning their responsibilities
* FISMA – E-Gov Act 2002
Slide 8: Organizing Roles (organization chart)
CIO; CISO; Operational PMs; Sec PMs; CTO; Other; Infrastructure; Helpdesk
Slide 9: Comprehensive Security Program Through Performance-based Risk Management
Program areas: IS Program Management (Strategic); Information Security Operations; Policy & Compliance Mgmt; System Integration, Configuration, & Lifecycle Mgmt; Vulnerability, Certification & Accreditation Mgmt
IS Program Mgmt: Risk Mgmt Strategy, Program Mgmt Plan, Sec Architecture
Functions:
- Hardware & Software Patch Management*
- Change Control Board
- Standards, Baselines & Config*
- Security within System Integration
- Security within System Lifecycle Management*
- Program, System & Contractor Assessments*
- Privacy Impact Analysis
- C&A Process Management*
- Risk Management*
- Document Management*
- Policy Management & Integration*
- Security Roles & Responsibilities*
- Congressional Reporting*
- Performance Measurements*
- Sec within CPIC (Funding)*
- ISSO Management*
- Contractor Compliance*
- Computer Incident Response Capability*
- Sec Awareness, Training, & Education*
- Critical Infrastructure Protection*
- Security Response (COOP)*
- Network Security
- Physical Security (IT)*
- Audit Controls
* Annotates FISMA areas