Josiah Yarbrough
CSIA 303/ Foundations of Information Systems Security
June 27, 2015
Introduction
All Americans will need to have a working relationship with the DOJ, the Department of Justice, at some point in their lives. The DOJ is the agency that enforces federal laws. Its mission statement says that the mission is to “… ensure public safety against threats foreign and domestic; to provide federal leadership in preventing and controlling crime; … and to ensure fair and impartial administration of justice for all Americans.” (Department of Justice, 2015) This document serves as a survey of DOJ 2640.2F, the Information Technology Security Policy, and of how this Program complements the mission, goals and objectives of the Department of Justice. It also uncovers weaknesses in the Program and includes recommendations to reconcile those weaknesses.
Analysis
Multiple components within the DOJ are responsible for ensuring the C.I.A. (confidentiality, integrity and availability) of the Department's information systems and information. Each component must maintain its own security program, which in turn must comply with the overall IT security program of the Department. The program includes Management, Operational, Technical, and Issue-Specific Security Policies. The DOJ IT Security Program provides guidelines for determining security control requirements and their implementation, and it defines the roles and responsibilities of upper management and personnel.
Policies
The Management Security Policy stipulates that components must perform periodic risk assessments; plan for and manage the acquisition of systems and services; and carry out certification, accreditation and security assessments. The Operational Security Policy provides detailed guidelines on physical and environmental protection, personnel security, contingency planning, maintenance, configuration management, system and information integrity,
References
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). NIST SP 800-61 Rev. 2: Computer Security Incident Handling Guide. Gaithersburg, MD: National Institute of Standards and Technology.
United States Department of Justice. (2008). DOJ 2640.2F: Information Technology Security. Retrieved from http://www.justice.gov/sites/default/files/jmd/legacy/2014/07/16/doj2640-2f.pdf
United States Department of Justice. (2015). About DOJ. Retrieved from http://www.justice.gov/about
United States Department of Justice. (2015). Fiscal Years 2014-2018 Strategic Plan. Retrieved from http://www.justice.gov/sites/default/files/jmd/legacy/2014/02/28/doj-fy-2014-2018-strategic-plan.pdf
United States Government Accountability Office. (2014). Information Security: Agencies Need to Improve Cyber Incident Response Practices (GAO-14-354). Retrieved from http://www.gao.gov/products/GAO-14-354