
Information Security Program Survey - Essay Example

Summary
The paper "Information Security Program Survey" states that while analyzing the breadth and coverage of the information security program, it seems that the major components such as people, processes, and technologies do not notably contribute to the efficiency of systems and networks. …

Extract of sample "Information Security Program Survey"

Information Security Program Survey

Introduction

The National Aeronautics and Space Administration (NASA) is the United States agency that manages the nation’s aerospace research, aeronautics, and other civilian space programs. As per the 2011 NASA strategic plan, NASA’s mission is to “drive advances in science, technology, and exploration to enhance knowledge, education, innovation, economic vitality, and stewardship of Earth”. Safety, integrity, teamwork, and excellence are the core values of this government agency. Since NASA needs to manage highly sensitive data, information, strategic plans, and space programs, the organization pays particular attention to its information security program. This paper will analyze NASA’s information security program, focusing on aspects like strategic fit, breadth and coverage, program deficiencies or implementation issues, and stated costs and benefits.

NASA Information Security Program

The NASA IT Security (ITS) Division operates under the control of the Chief Information Officer to manage security projects and thereby to mitigate vulnerabilities, reduce obstacles to cross-center collaboration, and provide cost-effective IT security services for supporting the agency’s systems and e-Gov initiatives. The ITS Division works to ensure that IT security across the organization meets integrity and confidentiality requirements to enhance disaster recovery and continuity of operations. “The ITS Division develops and maintains an information security program that ensures consistent security policy, identifies and implements risk-based security controls, and tracks security metrics to gauge compliance and effectiveness” (IT Security Division). This Division also performs periodic audits and reviews to make certain that security policies and procedures meet accepted standards.
It is clear that NASA relies extensively on information systems and networks to manage activities such as scientific discovery, aeronautics research, and space exploration. Since many of these information systems and networks are interconnected over the internet, they are more likely to be threatened by cyber attacks from different sources. While analyzing the strategic fit of NASA’s information security program, it seems that the program cannot adequately support the organization’s goals and objectives due to several security pitfalls. Although the organization has achieved significant advancements in information security program management and security control implementation, it is still vulnerable to cyber attacks. According to the GAO report, NASA has not always implemented proper control measures to ensure the confidentiality and integrity of the systems and networks that support the organization’s mission directorates. As a result, the organization often fails to sufficiently prevent, restrict, and detect unauthorized access to its systems and networks (GAO). The major pitfall of NASA’s information security program is that it has not been consistent in identifying and authenticating users and limiting user access to its key systems and networks. The organization cannot effectively encrypt its network services and data and often fails to protect its network boundaries. It is alarming to note that the organization has even failed to protect its information technology resources physically. In addition, shortcomings in the auditing and monitoring of computer-related events also contributed to the organization’s information security inefficiency. The organization also faces challenges in effectively segregating incompatible duties and managing system configurations.
The key reason for those inefficiencies in NASA’s information security program is that the organization is yet to implement some key activities to make certain that control measures are appropriately developed and functioning efficiently. The organization does not always give specific focus to complete assessment of information security risks, and therefore many security threats go unnoticed. In addition, it has not designed or documented extensive security policies and procedures and has not included key information in security plans to manage information systems and networks effectively. Considering the sensitivity of activities undertaken by NASA, the organization has not performed comprehensive assessments of its information system controls. In addition, NASA does not specifically focus on tracking the status of operational plans to find solutions to known weaknesses and planning for unforeseen contingencies and disruptions in service. Another major reason for the weakness is that the organization’s information security program does have capabilities for detecting, reporting, and responding to security incidents. Therefore, it is obvious that NASA’s information security program is not very effective, mainly as a result of serious implementation issues. While analyzing the breadth and coverage of the information security program, it seems that the major components such as people, processes, and technologies do not notably contribute to the efficiency of systems and networks. To illustrate, NASA reported 1,120 security incidents over the fiscal years 2007 and 2008 that led to malicious software installation on its systems and unauthorized access to highly confidential information (GAO). The Security Operations Center established by NASA in 2008 was also not effective in preventing unauthorized access to the organization’s sensitive information.
It is identified that control vulnerabilities and other program shortfalls increase the risk of unauthorized access to NASA’s systems and networks. Considering the huge costs spent by NASA each year to improve the security of its systems, networks, and information, it can be stated that the benefits of NASA’s information security system do not outweigh the costs budgeted.

Worksheet: Information Security Program Survey

| Security Area | Responsible Party / Office of Primary Responsibility (OPR) | Known Vulnerabilities / Risks | Countermeasures / Risk Mitigation Strategy |
|---|---|---|---|
| Acquisition (systems/services) | | | |
| Asset management | | | |
| Audit and accountability | IT Security Division | Poor auditing of computer-related events | Timely audit and review of systems and networks to detect security incidents |
| Authentication and authorization | IT Security Division | Failure to authenticate users and limit users’ access to key systems and networks | Well-monitored authentication and authorization of users |
| Business continuity | | | |
| Compliance management | IT Security Division | The information security program often fails to comply with accepted standards | Appointment of project supervisors to ensure effective compliance management |
| Configuration control | | | |
| Data | | | |
| Hardware | | | |
| Identity management | | | |
| Incident management | IT Security Division | The prevalence of security incidents has increased | Improving the operational efficiency of the Security Operations Center |
| Maintenance procedures | IT Security Division | Lack of extensive security procedures | Development of well-defined and comprehensive procedures |
| Media protection and destruction | | | |
| Network | IT Security Division | Network is exposed to unauthorized access and cyber attacks | Development of strong security systems to mitigate network exposure |
| Planning | | | |
| Personnel | | | |
| Physical environment | IT Security Division | Even information technology resources are not appropriately protected | Strict monitoring over the physical environment |
| Policy | IT Security Division | Lack of extensive security policies | Development of high-standard security policies |
| Operations | | | |
| Outsourcing | | | |
| Risk assessments | IT Security Division | Poor performance of risk assessment systems like the Security Operations Center | Establishing a special team to deal with risk assessment |
| Software | | | |
| Training | | | |

Conclusion

From the above discussion, it is clear that NASA’s information security program performs poorly in terms of threat detection and securing systems and networks. Ineffective program implementation is the major reason contributing to the inefficiency of this information security program. A cost-benefit analysis indicates that the benefits of NASA’s information security program are poor compared to the cost spent on it.

References

2011 NASA strategic plan. Retrieved from http://www.nasa.gov/pdf/516579main_NASA2011StrategicPlan.pdf

NASA IT Security Division. Retrieved from http://www.nasa.gov/offices/ocio/itsecurity/

GAO. NASA Needs to Remedy Vulnerabilities in Key Networks. Report to Congressional Committees. Retrieved from http://www.gao.gov/new.items/d104.pdf
