These government regulatory bodies guide and govern the behavior of public and private organizations.
Defense Department - Department of Defense operates some of the most critical information systems in government
Energy Department - The Energy Department has created a number of rules and processes governing IT security.
Government Accountability Office - The Government Accountability Office (GAO), the investigative arm of Congress, conducts agency IT management and security audits
Homeland Security Department - Department of Homeland Security is actively engaged in protecting federal government IT systems and the nation's critical IT infrastructure.
Inspectors General - Each department's inspector general regularly audits IT systems to assure they comply with government rules and regulations
Law Enforcement - Institutions such as the FBI and Secret Service manage systems that must securely share data with each other and those in the states
National Security Agency - National Security Agency (NSA) collects and analyzes foreign communications and monitors federal networks to protect them against attacks
NIST - Commerce's National Institute of Standards and Technology develops IT security standards for federal agencies and business
Office of Management and Budget - The White House Office of Management and Budget (OMB) directs federal agencies how best to manage and secure their IT systems
US-CERT - Homeland Security's United States Computer Emergency Readiness Team coordinates the response to security threats from the Internet.
The government regularly conducts audits of agency and departmental IT systems to assure they comply with regulations and laws.
GAO - Government Accountability Office (GAO) is the investigative arm of Congress, and among its responsibilities is conducting IT management and security audits.
Inspectors General - Each agency has its own inspector general who conducts IT security and other audits.
Business Continuity/Disaster Recovery refer to strategies to prepare for and survive disruptions from man-made and natural disasters
Pandemic Preparation - Regulators require institutions to address pandemic preparation in their business continuity plans.
Government leaders realize a more efficient way to secure systems and protect privacy is to work across agency lines
CIO Council - A forum of departmental CIOs charged with improving practices in the design, performance and sharing of federal information resources
Information Sharing - Policies and programs aimed at sharing information and ideas among organizations in and out of government
The federal legislature creates the laws that govern IT security and privacy and provides oversight to assure compliance with them
Legislation - Bills before Congress aimed at regulating how to secure IT systems and protect citizens' privacy
A proportion of government work to create and manage IT and assure its security involves contracting with private businesses
Federal Acquisition Streamlining Act of 1994 - Act simplifies procurement procedures where the procurement is limited, facilitates reliance on commercial, off-the-shelf technology and promotes the use of fixed-price, performance-based contracting. The law alters procurement strategy from lowest bid to best value.
Common processes and industry standards employed to assure best practices in securing information systems and assuring privacy.
COSO - The Committee of Sponsoring Organizations of the Treadway Commission is dedicated to improving the quality of financial reporting.
DIACAP - The Defense Department Information Assurance Certification and Accreditation Process is the United States Department of Defense process to ensure that risk management is applied on information systems. DIACAP defines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the certification and accreditation of a DoD IS that will maintain the information assurance posture throughout the system's life cycle.
FISMA - Federal Information Security Management Act bolsters government IT security by requiring yearly audits of agencies and contractors
Federal rules, regulation and directives focused on managing and securing government information systems and safeguarding employee and citizen privacy.
Clinger-Cohen Act - The Clinger-Cohen Act is designed to improve the way the federal government acquires, uses and disposes of information technology
E-Government Act - The E-Government Act established measures that require using Internet IT to improve citizen access to government information and services
FACTA - The Fair and Accurate Credit Transactions Act contains provisions to help reduce identity theft and fraudulent applications for credit.
FISCAM - Federal Information System Controls Audit Manual describes the controls to be considered when assessing the integrity and confidentiality of data
HIPAA - Health Insurance Portability and Accountability Act establishes standards for electronic health care transactions
Techniques and tips for growing your expertise as a security executive.
Budgeting & Funding - Polices, processes, rules and legislation regarding the budgeting and funding of government IT security and privacy programs
Staff & Recruitment - Content relating to the recruitment, hiring and supervision of employees and managers.
Physical information security concerns the protection of data from non-electronic means such as physical attacks or thefts.
Policies, procedures and technologies aimed at safeguarding personal identifiable information on information systems and networks
Risk Management is the process of measuring or assessing risk and developing strategies to manage it.
Incident Response - The formal reaction to a security breach, i.e. a physical or electronic hack. Includes forensics, eDiscovery and other tactics necessary in the wake of a security breach.
Insider Threat - The risk that current, former or contract employees might abuse system access to compromise data, operations or security.
Risk Assessment - Risk assessment measures the magnitude of potential loss and the probability that loss will occur
Vendor Management - Ensuring that service providers adhere to the same information security standards by which your institution abides
Evolving technologies must be implemented in a secure manner for projects to succeed
Application Security - Application security involves safeguarding programs in their development, implementation and operation.
Authentication - Ensuring that systems are accessed only by the properly-authorized individuals
Biometrics - Biometric technologies recognize and authenticate specific human characteristics, including fingerprints and retinal scans
Cloud Computing - Cloud computing allows access to applications and data over the Internet.
Data Loss - Tools to prevent loss of critical data in an information systems disaster
Encryption - Encryption is the process of obscuring information to make it unreadable without special technologies
Endpoint Security - Endpoint security is an information security concept in which each device (endpoint) is responsible for its own security.
Fraud - Tools that help detect fraud on IT systems.
ID & Access Management - Tools to ensure that systems and networks are open only to the right people at the right times
Messaging - E-mail, instant and text-messaging and other forms of electronic communications that are highly vulnerable to attack
Mobile & Wireless - Tools and processes to enable secure mobile and wireless computing, especially over the Internet
Network & Perimeter - Network is the IT system needed to conduct business. Perimeter is the border between an organization and other networks
SIM & SEM - Security Information Management and Security Event Management tools.
Social Media - Facebook, LinkedIn and Twitter are now part of our professional lives. What are the risks?
Storage - Systems to store and preserve critical business information in a secure environment
Unified Threat Management - Unified threat management is used to describe network firewalls that have many features in one box, including e-mail spam filtering, anti-virus capability, an intrusion detection or prevention system, and World Wide Web content filtering, along with the traditional activities of a firewall.
Virtualization - Partitioning the computer's memory into separate and isolated virtual machines simulates multiple machines within one physical computer. Application virtualization refers to several techniques that make running applications more protected, more flexible or easier to manage.
Web Security - Technologies and processes aimed at protecting Internet accounts and files from intrusion by unknown users
Features for enhancing your own information security education, as well as for improving awareness among employees and customers.
The White House is the center of federal government activities involving the creation of policies regarding the management and securing of government IT systems.
Cybersecurity - Cybersecurity policy for the federal government originates in the White House.
Office of Management & Budget - The Office of Management and Budget oversees executive agency compliance with IT security policies and regulations.