DOI: 10.1145/1940941.1940964
Research article

Threat based risk management in the federal sector

Published: 01 October 2010

Abstract

The United States federal government today has many regulations and laws that require federal agencies to implement a risk management program. Despite these efforts, computer security intrusions and data loss continue to rise. An adaptable and quantifiable risk management approach is needed, and a threat-based risk management approach is a potential solution. Threat-based management is based upon a risk rating posed by individual threats, which could carry over to the current federal system. The quantification of threats could also allow for more thorough audits of federal risk management programs.



Published In

InfoSecCD '10: 2010 Information Security Curriculum Development Conference
October 2010
187 pages
ISBN: 9781450302029
DOI: 10.1145/1940941

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

• KSU - CISE: KSU Center for InfoSec Education
• ISSA: The Metro Atlanta Information Systems Security Association

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. FISMA
2. NIST
3. computer security
4. cybersecurity
5. risk
6. risk management
7. security programs

Acceptance Rates

Overall Acceptance Rate: 18 of 23 submissions, 78%