Wednesday, May 6, 2020

U.s. Department Of Homeland Security Example For Students

U.s. Department Of Homeland Security 1. Purpose Among one of the missions of The U.S. Department of Homeland Security is to protect and preserve the security of the Cyberspace in the country. The principal objective of this Security Plan is to give instructions and direction for the Department’s workers and help the Homeland Security to create best practices and strategies in the IT security system. 2. Scope This policy needs to be applied to all users, employees, contractors, suppliers and to all IT resources such as e-mails, files, data, messages and documents controlled or administered by The Department of Homeland Security. 3. Policy Intention The Department of Homeland IT security policy must be uniform, stable, consistent, efficient, effective and compatible with best practices Information Security in the Department. It is the purpose of this security policy to create and implement the best security plans, strategies, and practices throughout the Department. Also, it is the intention of this policy to create safe and secure Cyberspace. 4. Protecting Cyberspace Building secure and safe cyberspace and Communications system in the country is the top priority of the department. In its kind the Cybersecurity Framework of the Department is the most comprehensive and efficient one. The Department of Homeland Security performing the following activities to secure the cyberspace efficiently: ïÆ' ¼ Checking and assessing organizations capacity of cyber-attacks defensive mechanisms and potentials. ïÆ' ¼ Evaluate organizations decision making and incident response strategies at the national level. ïÆ' ¼ Validate and confirm communication and information sharing methods. Create awareness about new cyber incidents and way of response, and recovery practices. ïÆ' ¼ Review the way of sharing sensitive and private information without compromising the national security interests. 5. Cybersecurity Framework The Framework is a risk-based strategy for conducting Cybersecurity peril and is comprised of three components: The Framework Core, Implementation Tiers, and Profiles. All the above Framework segment strengthens the relationship between business drivers and cybersecurity activities. ïÆ'Ëœ The Framework Core is a collection of cybersecurity activities, aspired results, and appropriate recommendations that are familiar with significant foundation areas. ïÆ'Ëœ Framework Implementation Tiers present a meaning on how The Department observes cybersecurity risk and what kind of method or processes need to follow to control and handle that risk. ïÆ'Ëœ The Framework Profile describes the consequences depend on the Department demands that already chosen and decided from the Framework segments and Sub-segments. 6. Threat Identification The following Information security risks are identified by The US Department of Homeland Security that can compromise confidentiality, availability, and integrity of the system are: ïÆ'Ëœ Administrative, Maintenance, Software and System Design and User Errors ïÆ'Ëœ Denial of service, virus, spyware, trojan, worm attacks ïÆ'Ëœ Unauthorized modification of data ïÆ'Ëœ Electronic Warfare, ïÆ'Ëœ Terrorist act such as Terrorist cyber-attack, ïÆ'Ëœ Natural disasters such as Hurricane, Lightning, Tornado, Volcano. 7. Risk Management The Department risk management includes the following processes: ïÆ'Ëœ Assessing and evaluating all types of Risks ïÆ'Ëœ Evacuating all kinds of Security Controlling Methods and procedures ïÆ'Ëœ Cost and Benefit Analysis ïÆ'Ëœ Recognize and understand Security Constraints ïÆ'Ëœ Assessing security laws, policies, and regulations 8. Risk Assessment Approach The Department risk assessment approach is used information security system analysis to find out security vulnerabilities and to determine lethal threats to the system. Also, the approach efficiently mitigates chances of risks by evaluating the existing countermeasures and by assessing providing cost effective security strategies. The Approach follows series steps to identify threats and to recommend the best security methods and practices. 9. System Vulnerabilities The primary objective of system vulnerability is to determine the weakness of the Department networking system. The system assessing communications, environmental, personal securities and evaluating significant and specific hardware, to identify the vulnerabilities of information technologies in the department. Also, the approach evaluating security controlling systems to check whether they are properly implemented or not. Drugs And Crime (3258 words) Essayï  ¶ The Department Business Systems should develop information technology and other assets security plan. ï  ¶ The Department Business Systems should develop a consistent policy that can be compatible with the organization’s objective, purpose, and structure. ï  ¶ The security policy must define and show clearly and broadly the authorization boundary of each security and controlling systems and applications. ï  ¶ The Security Policy should be able to describe the operational circumstances of the information security asset regarding its missions and business processes. ï  ¶ The Policy need to provide the different security categories and their level of impact on the information asset. ï  ¶ The vital information, assets, and technologies operational environment need to describe in the security policy. ï  ¶ There should be an indication of relationships, connections, and continuity between all information and systems in the security policy. ï  ¶ The Department security requirement and obligation systems need to be summarized and reviewed. ï  ¶ Planned and existed security control methods that are meet the safety requirements of the department need to describe and discussed. ï  ¶ Before the security plan is implemented or activated, it is crucial and necessary to be reviewed, assessed and approved by authorized officials. ï  ¶ The Department of Homeland Security information should be available to all users with their expected responsibility and the rights and limitations of asset usage. ï  ¶ The Department operating system needs to collect evaluation about information and assets risk classification and their information security status. ï  ¶ The business system of the Department needs to design and organize security associated projects that sway its information assets. 13. Plan of Action and Milestones Following the Federal Information Security Management Act of 2002 (FISMA), every information system is needed to create a Strategy of Action and Milestones (POAM) to explain any specified vulnerabilities by analyzing a memoranda and assessment. POAMs create a framework to minimize weakness, and implement suggested security measures, recognize sources and determine related expenses. The proposed safety measures in this security plan need to be incorporated in the Test_2015-01-15-1052 POAM and excited due to The US Department Homeland Security Plans of action and milestones guide requirement to mitigate the standard and the level of jeopardy that affiliated with the system.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.