Technology – Security Policy, Ethics, and the Legal Environment Essay


Abstract

In today’s technologically advanced and increasingly network-connected world, information technology security management supports economic and organizational technological arrangements, and also guards IT operations and assets against internal and external threats, planned or otherwise (Peltier, 2001; Thomas, 2002; Dhillon, 2007).

The principal function of IT security management is to guarantee the confidentiality, integrity, and availability (CIA) of IT systems (Perrin, 2008). Primarily, security management is part of an organization’s risk management procedure and business continuity strategy.

IT security.

Introduction

The Federal Information Security Management Act (FISMA) replaced what has generally been referred to as the Government Information Security Reform Act (GISRA), which expired at the end of the 107th Congress (Sebastian, 2010). Congress, however, passed two versions of FISMA at the conclusion of the 107th Congress (Layton, 2007).

The first version was approved as part of the Homeland Security Act of 2002 (P.L. 107-296, Title X; 116 Stat. 2135, at 2259). The second version takes an established status the order of its importance. The act applies government-wide, as well as to small and independent agencies of the federal government. Many of these requirements are now found in the Federal Information Security Management Act of 2002.

Federal Information Security Management Act

Economic and national security significance is acknowledged by the Federal Information Security Management Act (NIST, 2012). However, FISMA is the primary law governing information security programs.

Title III of the E-Government Act of 2002, the Federal Information Security Management Act of 2002, obliges federal government agencies to provide information security protections for economic and business information and information systems (Moteff, 2004; Smedinghoff, 2008; Dacey & Rhodes, 2004, p. 5).

Major Provisions of the Act

Section 301

The Federal Information Security Management Act of 2002 has five major provisions. Section 301 of the act amends Chapter 35 of Title 44 of the United States Code by modifying or adding a new Subchapter III on information security.

Section 302

Section 302 amends 40 U.S.C. 11331, which concerns the ethical prescription of information security standards.

Section 303

Section 303 of the act amends the National Institute of Standards and Technology Act (NIST; 15 U.S.C. 278g-3), which gives NIST the task of developing standards for information technology, as well as security standards for federal information systems.

Section 304

Section 304 amends the National Institute of Standards and Technology Act (15 U.S.C. 278g-4), which laid the groundwork for the Information Security and Privacy Advisory Board.

Section 305

Section 305 makes technical alterations and amendments that meet the requirements, two of which are of some importance.

Subchapter III

Chapter 35 of Title 44, United States Code, Subchapter III, on Information Security, sets out the powers or rights and the obligations for the development, execution, assessment, and supervision of policies and practices linked with securing federal information systems.

Explicitly, it authorizes the Director of OMB to supervise the development and execution of information security policies, principles, and guidelines across the federal government (Management of Federal Information Resources, n.d.).

The director’s authority includes managing the development of policies, principles, values, and guidelines; examining and approving or disapproving agency security programs; and taking actions as authorized by 40 U.S.C. 11303, which covers national security systems.

Additionally, Subchapter III expects each agency to create and execute an information security program. It prescribes what this program should incorporate. It assigns each agency head the task of developing and verifying the execution of the program (Mattord & Whitman, 2010, p. 247).

Subchapter III also expects each agency to submit its information security program to a yearly independent assessment. The subchapter requires that the results be presented to the Director of OMB, who is to review them in a report to Congress (Powner, 2009, p. 30; Wilshusen, 2008, p. 1).

This is possibly the most important element of FISMA, by which Congress planned to ensure satisfactory supervision of and conformity with federal information security requirements.

FISMA amends 40 U.S.C. 11331, which permits the Secretary of Commerce to lay down principles and strategy concerning federal information systems.

FISMA also amends 15 U.S.C. 278g-3, which gives NIST the task of creating principles, rules, and related processes and procedures for information systems (Swanson, 2011, p. iii). These principles and rules include those for securing federal information systems, excluding national security systems.

FISMA, above all, amended this section by specifying that NIST shall, at a minimum, develop standards for categorizing all organization information and information systems, proposing what type of information or system should be incorporated in each group, and developing minimum security requirements for each group.

FISMA also instructs NIST that these standards should, to the maximum extent feasible, be technology-neutral and allow for the use of commercial off-the-shelf products.

In conclusion, FISMA repealed 40 U.S.C. 11332, which integrated language that was formerly passed as part of the Computer Security Act. This language expects agencies to develop security plans for their computer systems and to provide personnel education in security knowledge and practices.

FISMA also amends 44 U.S.C. 3505 to incorporate a requirement that agencies list their most important information systems and identify where these systems interface with other systems and networks.

Reference List

Dacey, R. F., & Rhodes, K. A. (2004). Information security technologies to secure federal systems. Washington, DC: DIANE Publishing.

Dhillon, G. (2007). Principles of Information Systems Security: text and cases. NY: John Wiley & Sons.

Layton, T. P. (2007). Information Security: Design, Implementation, Measurement, and Compliance. Boca Raton, FL: Auerbach publications.

Management of Federal Information Resources. (n.d.). Circular A-130, Office of Management and Budget (OMB). Web.

Mattord, H. J., & Whitman, M. E. (2010). Management of Information Security. Boston, MA: Cengage Learning.

Moteff, J. D. (2004). Computer Security: A Summary of Selected Federal Laws, Executive Orders, and Presidential Directives. CRS Report RL 32(3)57.

NIST: (2012). . Web.

Peltier, T. R. (2001). Information Security Risk Analysis. Boca Raton, FL: Auerbach publications.

Perrin, C. (2008). “The CIA Triad”, TechRepublic. Web.

Powner, D. A. (2009). Cyber Analysis and Warning: DHS Faces Challenges in Establishing a Comprehensive National Capability. Washington, DC: DIANE Publishing.

Sebastian, S. J. (2010). Financial Audit: IRS’s Fiscal Years 2010 and 2009 Financial Statements. Washington, DC: DIANE Publishing.

Smedinghoff, T. J. (2008). . Web.

Swanson, M. (2011). Contingency Planning Guide for Federal Information Systems. Washington, DC: DIANE Publishing.

Thomas, P. R. (2002). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Boca Raton, FL: Auerbach publications.

Wilshusen, G. (2008). Information Security: Progress Reported, but Weaknesses at Federal Agencies Persist: Congressional Testimony. Washington, DC: DIANE Publishing.
