The Federal Information Security Management Act of 2002 (FISMA) mandates that each federal agency develop a program to provide information security for data and systems that support the agency's functions.
And while agencies have had varying success meeting the demands of FISMA, the Obama Administration has ushered in a new wave of information security proponents eager to bolster these programs and create a new, higher level of cybersecurity throughout government.
But how does an agency first benchmark, then strengthen, its information security program?
Patrick Howard, a veteran security leader who currently oversees information security operations at the Nuclear Regulatory Commission (NRC), proposes a 10-step program to ensure solid protection. In this exclusive webinar, Howard will outline these 10 critical steps, including:
- Develop the Security Program and Policy - How to define the security program; adopt best practices; assign roles and responsibilities.
- Manage Security Risks - How to determine what needs to be protected; identify threats to the security and privacy of information assets; manage remediation of weaknesses.
- Provide User Awareness, Training and Education - How to offer new employee training; ongoing user awareness; security staff education/certification.
- Respond to Incidents - How to create an effective incident response plan; law enforcement notification; customer breach notification; forensics and preservation of evidence.
Other areas Pat will touch upon:
- Plan for Security
- Organize for Security
- Establish and Enforce System Access Controls
- Implement Configuration Management Process
- Monitor Security Posture
- Plan for Contingencies