Saturday, July 27, 2019
Information Security Program Survey Essay Example | Topics and Well Written Essays - 1000 words
Information Security Program Survey - Essay Example Since the NASA needs to manage highly sensitive data, information, strategic plans, and space programs, the organization pays particular attention to its information security program. This paper will analyze NASAââ¬â¢s information security program focusing on aspects like strategic fit, breadth and coverage, program deficiencies or implementation issues, and stated costs and benefits. NASA Information Security Program The NASA IT Security (ITS) Division operations under the control the Chief Information Officer to manage security projects and thereby to mitigate vulnerabilities, improve obstacles to cross-center collaboration, and to provide cost effective IT security services for supporting the agencyââ¬â¢s systems and e-Gov initiatives. The ITS Division works to ensure that IT security across the organization meets integrity and confidentiality to enhance disaster recovery and continuity of operations. ââ¬Å"The ITS Division develops and maintains an information security pro gram that ensures consistent security policy, indentifies and implements risk-based security controls, and tracks security metrics to gauge compliance and effectivenessâ⬠(IT Security Division). This Division also performs periodical audits and reviews to make certain that security policies and procedures meet accepted standards. It is clear that NASA extensively relies on information systems and networks to manage its activities such as scientific discovery, aeronautics research, and space exploration. Since many of these information systems and networks are interconnected using internet, they are more likely to be threatened by cyber attacks from different sources. While analyzing the strategic fit of the NASAââ¬â¢s information security program, it seems that the program cannot well support the organizationââ¬â¢s goals and objectives due to several security pitfalls. Although the organization has achieved significant advancements in information security program manageme nt and security control implementation, it is still vulnerable to cyber attacks. According to the GAO report, NASA has not always implemented proper control measures to ensure the confidentiality and integrity of its systems and networks that support the organizationââ¬â¢s mission directorates. As a result, the organization often fails to sufficiently prevent, restrict, and detect unauthorized access to its systems and networks (GAO). The major pitfall of the NASAââ¬â¢s information security program is that it has not been consistent in identifying and authenticating users and limiting user access to its key systems and networks. The organization cannot effectively encrypt its network services and data and often fails to protect its network boundaries. It is alarming to note that the organization has even failed to protect its information technology resources physically. In addition, shortcomings in the auditing and monitoring of computer-related events also contributed to the organizationââ¬â¢s information security inefficiency. The organization also faces challenges in effectively segregating incompatible duties and managing system configurations. The key reason for those inefficiencies in NASAââ¬â¢s information security program is that the organization is yet to implement some key activities to make certain that control measure are appropriately developed and functioning efficiently. The organization does not give specific focus to complete assessment of information secur
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.