StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information System Security Plans - Coursework Example

Cite this document
Summary
According to research findings of the paper “Information System Security Plans”, the greatest impact on the system comes from performances of individuals. Therefore, personal controls are enacted while environmental and physical protection is a critical requirement…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.1% of users find it useful
Information System Security Plans
Read Text Preview

Extract of sample "Information System Security Plans"

Information System Security Plans Information System Security Plans Information security has recently become an important aspect for both the press and media. The desire to have the applications in place has been pushed by the recent attacks that initiated the need to ensure the highest level of information security practices. The basic document in the security process has been the IT since it defines features and controls of the system security. The IT security plans support capital planning and the system life cycle efforts. They also support the risk management activities and certification as well as the accreditation of IT systems. For this reason, the security plans should be updated and prepared on an ongoing basis with up to date information concerning every agency’s information securities. Sources of Requirements for the Selected Plan Type The USDA agencies as well as the staff offices shall develop and maintain a program security plan that is an overall for all General support systems and major applications. The plans shall be made using tablets and instructions within the security plan guidance. Instructions and templates for the type of plan are provided in a table of security plan guidance. The table includes a section that assists agencies in the definition for General support system and their applications. There are also some modified templates for electronic submission of plans. After the completion of the annual security plan, all changes will be reflected in the agency software database according to the requirements of the policies. The agency administration is expected to submit a cover letter that contains plans attesting to the accuracy and completeness of the security plans. The letter should include information regarding the previous year’s deficiencies on whether they have been corrected (Disaster Recovery, 2010). Relationship between Organization Security Policies and the Plan The organization security policy entails the departments in responsibility of certain issues within the organization. The associate CIO for cyber security provides guidance, strategies and tools for assisting the USDA agencies in meeting the requirements of the plan that are to prepare an annual security plan for the security program, applications, and the general support system. The associate performs dynamic reviews of the annual security plan submissions. This is meant to ensure that all information regarding the security practices are completed and detailed. They provide feedback to every agency concerning the plans. The security plan, through the associated CIO should review all requests for policy exception and respond to the requesting officer in a timely manner. The associate should also perform an oversight review of agencies to ensure that information within the plan comply with the policy (Whitman and Mattord, 2011). The agency chief information officer within the plan must ensure that the agency administration signs the transmittal cover letter confirming to the correctness and completeness of the plans. The officer should also ensure that all business developers and owners are familiar with the requirements of an annual security plan. IT systems developers and business owners are responsible for the preparation of the plans. The chief information officer within the plan should develop and maintain an inventory for all information technology systems. They should determine data sensitivity and applications. They should also prepare a detailed plan for the overall security program and applications. The chief officer according to the organization security policy should submit the package to the cyber security officer, both electronically and in hard copy. Moreover, the same officer should also ensure that copies of security plans are well maintained in the staff office and that all IT systems have an adequate security control. Additionally, the policy within the organization is the employment of agency information systems security managers who should become familiar with all requirements of the security program in the organization. These managers should make sure that all agency security plans are handed in to the agency head with a letter for signature confirming the completeness and accuracy of the plans. Recommended format for the General Support System (GSS) plan The general support system is an interconnected information resource that falls under the same management control sharing a common functionality. Normally, it includes software, hardware, Applications, data, information, facilities people and communications. It provides support for different users or applications. A general support system can be a communications network or a tactical radio network. It can also be a departmental data processing center. An application in the plan requires special attention to security because of the intensity of the harm that may result from the misuse or loss of the information. The required format for the general support system includes the system identification that identifies the system in terms of date and type. Date is followed by the system name or title whereby, a unique name should be given to the system. Responsible organization for the system is also listed in the system identification part. Information conducts which include the name of persons knowledgeable about the system. These are written in the format of Name, Title, Address and Phone. The second section after the system identification is the system operational status; in this section, details with relevant periods are provided for any segment of the system that is under development or under modifications. Third is the general description of the plan. In this section, the purpose of the system is defined while describing the processing flow of the application starting from its input to its output. There is still a list of organizations and the type of data provided. System environment is also included in the format where information is provided on a general description of the system. Any relevant environmental or technical factors are included. In the same section, there is information on any security software that protects the system and information. The last section of the general support system plan includes the information sharing or the system interconnection. System identifiers and the interconnected systems are listed. In case of connections to the external system, a short discussion of any security concerns to be considered are provided. In this case, a written authorization is required and the same should be obtained before performing connections with other systems or sharing any sensitive data (Whitman and Mattord, 2011). The authorization details rules and behaviors that should be observed by the interconnecting systems. The rules must also be described and the description accompanied with the plan. Content Requirements for the General Support System (GSS) Plan The general support system begins with the operational controls. These address the security mechanisms and focus on methods that are implemented and performed by people. The controls are placed to improve the security of the system. They require much expertise and rely much on the management activities and the technical controls. This section describes the operational control measures that are intended to the requirements for protection of the general support system (Disaster recovery, 2010). The greatest impact on the system comes from performances of individuals. Therefore, the personal controls are enacted while the environmental and physical protection is a critical requirement. The production controls that include the input and outputs are also included in the key requirements. In this section, a synopsis is provided for the procedure that supports the GSS. There is the contingency planning which is an appropriate backup that ensures the continuity of support in the event of system failure. Hardware and software maintenance and integrity controls, records, security awareness, and training and the incidence response capability are some major sections required within the general support system plan. The main purpose of the system security plan is to provide an overview of the security requirements of a system and describing the controls placed the responsibilities and the behavior for the people who access the system. References Disaster recovery. (2010). Clifton Park, NY: Cengage Learning. Whitman, M. E., & Mattord, H. J. (2011). Roadmap to information security: For IT and InfoSec managers. Boston, MA: Course Technology/Cengage Learning. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Information System Security Plans Report Example | Topics and Well Written Essays - 1250 words, n.d.)
Information System Security Plans Report Example | Topics and Well Written Essays - 1250 words. https://studentshare.org/information-technology/1831508-information-system-security-plans
(Information System Security Plans Report Example | Topics and Well Written Essays - 1250 Words)
Information System Security Plans Report Example | Topics and Well Written Essays - 1250 Words. https://studentshare.org/information-technology/1831508-information-system-security-plans.
“Information System Security Plans Report Example | Topics and Well Written Essays - 1250 Words”. https://studentshare.org/information-technology/1831508-information-system-security-plans.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information System Security Plans

Security Plan for ABC Information Systems

This paper ''Security Plan for ABC Information Systems'' tells that an information system forms a fundamental component in the provision of communication services to human beings.... However, adequate planning enables the organization to develop an effective information system.... No duplication or any reproduction of this security plan information system document should be done without permission from the author.... 9 Security Plan for ABC Information Systems Introduction An information system forms a fundamental component in the provision of communication services to human beings....
15 Pages (3750 words) Research Paper

Information Security Program Survey

Since the NASA needs to manage highly sensitive data, information, strategic plans, and space programs, the organization pays particular attention to its information security program.... Information security Program Survey (Name) (University) (Date) Information security Program Survey Introduction The National Aeronautics and Space Administration (NASA) is the United States' agency to manage the nation's aerospace research, aeronautics, and other civilian space programs....
4 Pages (1000 words) Essay

The Rookie Chief Information Security Officer

The study "The Rookie Chief Information security Officer" provides a quality assurance received by the vendor - ISO certified, employee protection for employee areas, three information security policies that could be developed and practiced within the organization for data security assurance.... The main objective of this paper is to provide a well-designed IT security plan with modern security measures that would help in maintaining a proper database system in the organization (Stoyles, Pentland & Demant, 2003)....
10 Pages (2500 words) Case Study

A Plan for Restoration and Recovery for Information Systems

The person in charge of managing FLPD's Information Systems Unit (ISU) observes and evaluates staff members who work with the information system ... Though the risks of information systems are known among systems operators, protection plans are far and few between.... Wilcot (2004) points out the haphazard security of information systems: “In most agencies, security is relegated to someone in the information services (IS) department, who usually has many other duties....
7 Pages (1750 words) Case Study

Information System Security Plans

“NIST SP 800-53 contains the management, operational, and technical safeguards or countermeasures prescribed for an information system” (Swanson, Hash & Bowen, 2006).... A nation can protect itself from threats and reach the top echelons only if its security system is made optimal and effective without any chance of loopholes.... This is where the role of a security plan assumes significance.... A foolproof security plan for the nation's federal… cies and other governmental organizations can enable it to function securely and efficiently thereby giving the nation an ‘edge' over other nations....
5 Pages (1250 words) Research Paper

A Key Concept in Information Systems

Consequently, a key concept in information systems is ensuring privacy, confidentiality, accuracy and completeness through information system security (Peltier, 2013).... With the increasing threats to information systems from external and internal sources, these organizations must ensure availability or reliable information security plans that address personal users of the systems, the... Additionally, information systems have environments, boundaries purpose and interactions in which they operate....
5 Pages (1250 words) Term Paper

Role of Computer and Information Security in Defining Current National Security Issues

"Role of Computer and Information security in Defining Current National security Issues" paper states that the use of computers and information availability has highly resulted in many national insecurity issues in many countries, hence affecting most of these countries economically and socially.... nbsp;… The global advancement of internet and computer-networking development as well as information availability plays a vital role in defining the current national security issues....
8 Pages (2000 words) Coursework

Issues Related to Security Interoperability and Operations

This case study "Issues Related to security Interoperability and Operations" focuses on the issues faced by Banking Solutions Inc, a number of them are related to security, interoperability, and operations.... More importantly, the best IT security controls would be the one giving way to the promotion of objectives as well as measurable progress indicators in aspect like information security, item progress, and operations among others....
8 Pages (2000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us