Introduction:
This document will outline the policies and practices to be used and implemented in compliance with DoD specifications and standards for the contract of services to be provided to them. This report will consist of creating security controls based on auditing frameworks within the seven domains. It will also develop an information assurance (IA) plan, a list of the requirements for each of the seven domains.
Department of Defense (DoD) Standards and Requirements
This project must meet the requirements of DoD security policies and standards for delivery of the technology services. The first requirement we are to discuss is the Federal Information Security Management Act (FISMA), which is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA assigned the National Institute of Standards and Technology (NIST) the responsibility of defining the standards and security procedures that must be followed and complied with. There are nine processes NIST outlines to be in compliance with FISMA:
1. Categorize the information to be protected.
2. Select minimum baseline controls.
3. Refine controls using a risk assessment procedure.
4. Document the controls in the system security plan.
5. Implement security controls in appropriate information systems.
6. Assess the effectiveness of the security controls once they have been implemented.
7. Determine agency-level risk to the mission or business case.
8. Authorize the information system for processing.
9. Monitor the security controls on a continuous basis.
Frameworks
The framework we will follow for the DoD is a descriptive control framework, which provides for governance at a high level. T...
... middle of paper ...
...common risks and their mitigating techniques are: Unauthorized access to data centers, computer rooms, and wiring closets – this risk can be mitigated by applying policies, standards, procedures, and guidelines for staff and visitors to secure facilities. Servers must sometimes be shut down to perform maintenance – this can be mitigated by creating a system to tie servers, storage devices, and the network together and creating redundancy to prevent downtime on mission-critical services. Server operating system vulnerabilities – this can be mitigated by ensuring all server operating system environments are defined with the proper patches and updates. And lastly, cloud computing virtual environments are not secure by default configurations – this can be mitigated by setting up virtual firewalls and server segments on separate VLANs to help prevent failure in the network.
...ifies that it is a long and drawn-out process that by the time an acquisition is produced and fielded the technology has been surpassed. The Objectives Memo also identifies the need to reform this process not only for the reason stated in the QDR but also as part of good stewardship to the American public. The difference occurs in how this change should happen. The QDR identifies that we must avoid sacrificing cost and scheduling for promises of improved performance. Sometimes off the shelf, technology now and cheap is better than waiting for the next war ender that may never come. By contrast, the Objectives Memo believes that both good stewardship and improvement of the acquisition process are achievable by implementing a management system. This system would provide information architecture to decision makers with timely, accurate, and efficient information.
The boundaries for the RM plan would be defined by the criteria and requirements set forth by the RM plan mandate. An independent audit of the current RM situation should be undertaken in order to establish the RM status quo. A new RM Plan will comply with all current Federal and DOD regula...
The purpose of this paper is to provide a brief analysis of the United States Army’s organizational structure and its culture and how these two elements impact its workers, associates and affiliates. This paper will first examine the Army’s history, development and structure to highlight the origins of the Army’s culture. Secondly, a brief history of the Army’s organizational development will be followed by a close examination of its philosophy and supporting beliefs. Lastly, this paper will discuss the role of the Army’s leadership, their response to critical issues and the organizational structure of the Army. An analysis of the Army’s top leaders will help the reader to understand the Army culture more thoroughly in the context of the Army’s organizational structure. More specifically, this section of the paper will examine the Army leadership’s response to the current geo-political environment and other related issues. In conclusion, this paper hopes to highlight the Army’s overall functioning from an organizational standpoint and emphasize the idea that the Army is like a functional corporation. This will be accomplished by addressing various key questions throughout this text.
National Institute of Standards and Technology (NIST): Risk Management Guide for Information Technology Systems. Special Publication 800-30, 2002.
Former Chairman of the Joint Chiefs of Staff Martin Dempsey opened the 2015 National Military Strategy with the line “complexity and rapid change characterize today’s strategic environment.” Robert Axelrod and Michael Cohen offer that complexity and rapid change describe a system that “consists of parts which interact in ways that heavily influence the probabilities of later events.” Further, human involvement in the strategic environment signifies that the “agents or populations” within the system will seek to change and these interactions and changes are extremely difficult if not impossible to predict. The integrated planning process combines detailed and conceptual planning to enable planning in a complex environment. The Army Design
ADM offers Commanders and planning staff a tool for the conceptual component of an integrated planning process. The goal is to provide the commander with a cognitive tool that he can use to understand the logic of the system. Design is non-linear in thought and application. Its methodology clarifies guidance in the consideration of operational environment, and the current system is understood within existing limitations. The design team produces an environmental frame, an initial problem statement, and an initial theory of action. As the team’s understanding increases and the nature of the problem begins to take form, the team explores in greater detail aspects of the environment that appear relevant to the problem. Here choices are made about boundaries and areas for possible intervention. From this deeper understanding, the des...
Background: In 2003, the Army published its guidance on the implementation of the principles of Mission Command (MC); the leadership philosophy adopted by the Army. The ideals and principles were discussed and implemented throughout the Army over the course of Operations Enduring and Iraqi Freedom and are still being implemented in Operation Inherent Resolve. In 2012, the Army published updated doctrine to further explain and codify the principles of MC in ADP 6-0. The Army War College developed the Key Strategic Issues List for 2015-1016 and asked students in the FA49 ORSA Q-Course to identify one key strategic initiative and draft a white paper to discuss it. This white paper will discuss issue #7: "What cultural changes are needed in the Army for it to meet future challenges while embracing" MC? In this white paper, I will discuss what embedding and reinforcing mechanisms the Army senior leaders need to put into place to change the culture.
Operational leaders appreciate that SC is a critical element to achieving victory in current and future conflicts, but continue to struggle with how to employ SC given the lack of doctrine. A view across the combatant commands illustrates that “many different approaches to SC are being utilized, with uneven results. Processes are often quite different and integration into the planning process is not consistent.” Operational planners recognize SC is a necessary element of planning but are unsure how to plan for it.
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Given the size, reach, and overall structure of this multi-tiered and multi-functional organization it is only through a strict chain of command that the mission can be achieved. From its inception, the military made sure that in order to unify their substantial workforce, leadership must establish a clear vision that would unify the troops and guide them to a singular resolve. The flaw here is that with such a vertical leadership approach, with the upper level leaders having nearly unquestionable authority and the lowest level being purely follower minded, that leadership can very easily go astray with their unrivaled power. This is why the code of conduct is so vitally important (Roche, 2004). Not only does it unify all members to a single ideal, it forces leadership to act in a way that demonstrates the values that they demand their entire organization hold themselves
For many industries, relying solely on the NIST framework is not enough. The framework is not meant to replace their existing processes of handling cyber threats; however, by using the framework as a base, they can find the gaps in the most important infrastructure and figure out a way to harden and improve its security. For example, the energy industry is one of the most important industries and it has a critical role in keeping the country safe. Therefore, most of the cyber-attacks are targeting it. In order to keep it safe, many agencies are involved in improving the best practices and standards for the industry, and hardening its critical infrastructure.
5. Effective global workforce. Cloud computing can be rolled out with a variety of data centers around the world, making sure that services are close to users. Provide better performance and appropriate
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.
United States Executive Office of the President. (2009). Cyber space policy review: Assuring a Trusted and Resilient Information and Communications Infrastructure. (pp. 1-38). Retrieved from http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf