Threat based risk management in the federal sector
Pages 97 - 106
Abstract
The United States federal government has many regulations and laws today that require federal agencies to implement a risk management program. Despite these efforts, computer security intrusions and data loss continue to rise. An adaptable and quantifiable risk management approach is needed. A threat based risk management approach is a potential solution. Threat based management is based upon a risk rating posed by individual threats, which could carry over to the current federal system. The quantification of threats could also allow for more thorough audits of federal risk management programs.
Published In
October 2010
187 pages
Copyright © 2010 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
Sponsors
- KSU - CISE: KSU Center for InfoSec Education
- ISSA: The Metro Atlanta Information Systems Security Association
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 October 2010
Qualifiers
- Research-article
Conference
InfoSecCD '10
Sponsor:
- KSU - CISE
- ISSA
InfoSecCD '10: 2010 Information Security Curriculum Development Conference
October 1 - 3, 2010
Kennesaw, Georgia
Acceptance Rates
Overall Acceptance Rate 18 of 23 submissions, 78%
Article Metrics
- 0 Total Citations
- 568 Total Downloads
- Downloads (Last 12 months): 3
- Downloads (Last 6 weeks): 1
Reflects downloads up to 11 Feb 2025