State of Maryland Information Security Program Survey - Research Paper Example

of Maryland Information Security Program Survey Introduction of Maryland is one of the s in the United s, made up of several agencies. The State of Maryland strives to promote itself as one of the best states where visitors and citizen can enjoy living, playing, studying and working within the state (About Maryland.gov , n.d) The State of Maryland has made a significant attempt to provide both visitors and citizen’s access to information that are critical for the attainment of specific objectives.

In addition, the State of Maryland works with several agencies that execute various functions on its behalf. Consequently, the State of Maryland has high regard to information assets and information exchange to the extent that it has a security policy document to govern these processes. The accomplishment of the objectives of the State of Maryland fits into the information security program, which recognizes the role of information systems in streamlining various processes. Analysis Strategic fit: There is a strong correlation between the information the security program of the State of Maryland and its goals and objectives.

The following areas of security illustrate this connection. a) Asset management: First, the State of Maryland aims at providing citizens and users with information about various opportunities found within the state. As a result, the State of Maryland makes use of various information assets. In its information security program, the State of Maryland specifies how its agencies should handle government assets, classify information, and disseminate information. b) Business continuity: On business continuity, the State of Maryland aims at providing information to visitors and citizens on a need basis.

Therefore, the state’s information security program outlines various risk management initiatives, which reinforce its strategic goal of providing business continuity among its agencies. The identification and inclusion of risk management in the information security program are a fit with the States goal of ensuring availability of information for all users. c) Media protection: Section of the information security program such as media protection underscores the state's preparation to protect confidential information.

Being the overall head of various government agencies, the State of Maryland aims at protecting confidential information meant for privileged use. Indeed, the security information program provides an elaborate procedure for protecting media before transport, disposal, or reuse. d) Authentication and authorization: One goal of State of Maryland is providing users with appropriate information while restricting access to systems mean for privileged use. With regard to this goal, the security information document outlines how the state of agencies can enforce access control using users' account and other procedures that enhance confidentiality through authentication and authorization.

This feature demonstrates that the security document fits well with the state’s goals. e) Breadth and coverage of information security program This analysis on the information security program found that it had elaborate breadth and coverage of several areas of security. First, the information security program covered issues of asset management in an elaborate way. Gibson (2011) argues that asset management requires documentation of all types of assets within an organization. The information security program establishes that all assets should have owners, who will ensure that the assets are protected.

In addition, the information security program outlines that owners will carry out processes such as inventory of assets and classification of assets. Moreover, the program cites the use of security controls such as authorization as a way of preventing the use of classified assets. The use of other technologies such as encryption in protecting assets such as agency information underscores the breath and coverage of asset management in the information security. On business continuity, the information security program highlights the role of various agencies in conducting risk management.

Further, it divides the activity into a three-step process: assessment, mitigation, and evaluations. These steps are similar to those IT organizations use to determine and mitigate risks (Stein, 2006). Apart from outlining the procedures of carrying out risk assessment for business continuity, the information security program highlight technologies that agencies can use in monitoring use of information systems. The security program emphasizes on technologies such as monitor/control system. The security program is elaborate on media protection.

The information security program identifies all agencies within the state as responsible for protecting media with information. The program calls for the use of tracking procedures to prevent the release of media with classified information. It also identifies technologies such as hard drive sensitization technologies that can help destroy data from media (Department of information technology, 2011). Most important, the information security program highlights the role of encryption in preventing availability of information to unauthorized users.

The information security program has a detailed coverage of authentication and authorization aspects of the state’s information system. The security program argues that agencies must vet users and approve their actions through identification and authorization process. This aspect of the information security program covers users of public information and those of confidential information. Similarly, the information security program outlines that agencies must enforce process that requires users to change their details regularly and consent to terms of usage.

In addition, this section of the information security program argues that the state’s agencies must use information systems and technologies to enforce authorization and allow logging of all user activities (Department of information technology, 2011). Review of logs, and other audit information is some of the essential procedures necessary for effective use of authentication and authorization elements of the information security report. Implementation issues The analysis of the information security program did not yield any implementation issues affecting any aspect of the report.

Cost and benefit of a program The information security program has immense cost and benefit associated with several aspects of the report. First, the program will require increase participation among agencies who will implement the program. These agencies will work in the state of Maryland to meet the state’s goals and objectives. In addition, the program will also require the use of resources both human and material during the implementation of the project. On the other hand, the project will provide immense benefits such as making information available to the correct users.

Moreover, the program will ensure that state information retain their integrity during use. Most significant, the program will promote accountability for the use of state resources. Summary and Conclusion The State of Maryland aims at promoting itself as one of the best states where citizens can work live and visit. Its information security program support these goals at it governs the use of information assets. The program elaborates how agencies can accomplish media protection, authentication and authorization, business continuity and asset management.

While the report calls for extra involvement of state agencies, it promises integrity, confidentiality, and accountability for the use of information assets in State of Maryland. References About Maryland.gov. (n.d.). Maryland.gov. Retrieved September 2, 2012, from http://www.maryland.gov/pages/About.aspx Department of information technology (2011). Information security Policy. Maryland. Retrieved September 2, 2012, from http://doit.maryland.gov/support/Documents/security_guidelines/DoITSecurityPolicy.

pdf Gibson, D. (2011). Managing risk in information systems. Sudbury, MA: Jones & Bartlett Learning. Stein, R. T. (2006). The computer system risk management and validation life cycle. Chico, CA: Paton Press.