|
Federal Information Security Management Act
The Federal Information Security Management Act of 2002 (FISMA, , ''et seq.'') is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (, ). The act recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. FISMA has brought attention within the federal government to cybersecurity and explicitly emphasized a "risk-based policy for cost-effective security." FISMA requires agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to Office of Management and Budge ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computer Security Act Of 1987
The Computer Security Act of 1987, Public Law No. 100-235 (H.R. 145), (Jan. 8, 1988), was a United States federal law enacted in 1987. It was intended to improve the security and privacy of sensitive information in federal computer systems and to establish minimally acceptable security practices for such systems. It required the creation of computer security plans, and appropriate training of system users or owners where the systems would display, process or store sensitive information. History It was repealed by the Federal Information Security Management Act of 2002 SEC. 305. (a) Provisions * Assigned the National Institute of Standards and Technology (NIST, At the time named National Bureau of Standards) to develop standards of minimum acceptable practices with the help of the NSA The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The N ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
National Institute Of Standards And Technology
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards. History Background The Articles of Confederation, ratified by the colonies in 1781, provided: The United States in Congress assembled shall also have the sole and exclusive right and power of regulating the alloy and value of coin struck by their own authority, or by that of the respective states—fixing the standards of weights and measures throughout the United States. Article 1, section 8, of the Constitution of the United States, ratified in 1789, granted these powers to the new Congr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Government Accountability Office
The U.S. Government Accountability Office (GAO) is a legislative branch government agency that provides auditing, evaluative, and investigative services for the United States Congress. It is the supreme audit institution of the federal government of the United States. It identifies its core "mission values" as: accountability, integrity, and reliability. It is also known as the "congressional watchdog". Powers of GAO The work of the GAO is done at the request of congressional committees or subcommittees or is mandated by public laws or committee reports. It also undertakes research under the authority of the Comptroller General. It supports congressional oversight by: * auditing agency operations to determine whether federal funds are being spent efficiently and effectively; * investigating allegations of illegal and improper activities; * reporting on how well government programs and policies are meeting their objectives; * performing policy analyses and outlining options for ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SANS Institute
The SANS Institute (officially the Escal Institute of Advanced Technologies) is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS stands for SysAdmin, Audit, Network, and Security. Programs The SANS Institute sponsors the Internet Storm Center, an internet monitoring system staffed by a community of security practitioners, and the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OMB Circular A-130
OMB Circular A-130, titled Managing Information as a Strategic Resource, is one of many Government circulars produced by the United States Federal Government to establish policy for executive branch departments and agencies. Circular A-130 was first issued in December 1985 to meet information resource management requirements that were included in the Paperwork Reduction Act (PRA) of 1980. Specifically, the PRA assigned responsibility to the OMB Director to develop and maintain a comprehensive set of information resources management policies for use across the Federal government, and to promote the application of information technology to improve the use and dissemination of information in the operation of Federal programs.(See "Background" section of Circular's Transmittal Memorandum No. 2 for brief historical information/ref> The initial release of the Circular provided a policy framework for information resources management (IRM) across the Federal government. Since the time of ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Control
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information. Systems of controls can be referred to as frameworks or standards. Frameworks can enable an organization to manage security controls across different types of assets with consistency. Types of security controls Security controls can be classified by various criteria. For example, controls are occasionally classified by when they act relative to a security breach: *Before the event, preventive controls are intended to prevent an incident from occurring e.g. by locking out unauthorized intruders; *During the event, detective controls are intended to identify and characterize an incident in progress e.g. by sounding the intruder alarm and alerting the security guards or police; *Afte ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Vulnerability (computing)
Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface. Vulnerability management is a cyclical practice that varies in theory but contains common processes which include: discover all assets, prioritize assets, assess or perform a complete vulnerability scan, report on results, remediate vulnerabilities, verify remediation - repeat. This practice generally refers to software vulnerabilities in computing systems. Agile vulnerability management refers preventing attacks by ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Threat (computer)
In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application. A threat can be either a negative " intentional" event (i.e. hacking: an individual cracker or a criminal organization) or an "accidental" negative event (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster event such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.Internet Engineering Task Force RFC 2828 Internet Security Glossary This is differentiated from a threat actor who is an individual or group that can perform the threat action, such as exploiting a vulnerability to actualise a negative impact. A more comprehensive definition, tied to an Information assurance point of view, can be found in "''Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Informa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
NIST Special Publication 800-53
NIST Special Publication 800-53 provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. It is published by the National Institute of Standards and Technology, which is a non-regulatory agency of the United States Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Modernization Act of 2014 (FISMA) and to help with managing cost effective programs to protect their information and information systems.Ross, et al., p. 4 Two related documents are 800-53A and 800-53B which provide guidance, and baselines based on 800-53. Purpose NIST Special Publication 800-53 is part of the Special Publication 800-series that reports on the Information Technology Laboratory'sITL research, guidelines, and outreach efforts in information system security, and on ITL's activity with industry, government, an ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
FIPS 199
FIPS 199 (Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems) is a United States Federal Government standard that establishes security categories of information systems used by the Federal Government, one component of risk assessment. FIPS 199 and FIPS 200 are mandatory security standards as required by FISMA The Federal Information Security Management Act of 2002 (FISMA, , ''et seq.'') is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (, ). The act recognized the importance of information security to the eco .... FIPS 199 requires Federal agencies to assess their information systems in each of the confidentiality, integrity, and availability categories, rating each system as low, moderate, or high impact in each category. The most severe rating from any category becomes the information system's overall security categorization. External links * ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
System
A system is a group of Interaction, interacting or interrelated elements that act according to a set of rules to form a unified whole. A system, surrounded and influenced by its environment (systems), environment, is described by its boundaries, structure and purpose and expressed in its functioning. Systems are the subjects of study of systems theory and other systems sciences. Systems have several common properties and characteristics, including structure, function(s), behavior and interconnectivity. Etymology The term ''system'' comes from the Latin word ''systēma'', in turn from Greek language, Greek ''systēma'': "whole concept made of several parts or members, system", literary "composition"."σύστημα" Henry George Liddell, Robert Scott, ''A Greek–English Lexicon'', on Per ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Information System
An information system (IS) is a formal, sociotechnical, organizational system designed to collect, process, store, and distribute information. From a sociotechnical perspective, information systems are composed by four components: task, people, structure (or roles), and technology. Information systems can be defined as an integration of components for collection, storage and processing of data of which the data is used to provide information, contribute to knowledge as well as digital products that facilitate decision making. A computer information system is a system that is composed of people and computers that processes or interprets information. The term is also sometimes used to simply refer to a computer system with software installed. "Information systems" is also an academic field study about systems with a specific reference to information and the complementary networks of computer hardware and software that people and organizations use to collect, filter, process, cr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
