Saturday, November 2, 2019

Identify a standard used by the VA in its information security Research Paper

Identify a standard used by the VA in its information security program, then compare and contrast with another similar standard - Research Paper Example The department therefore contains a lot of sensitive information meaning that the entity needs the proper forms of internal controls in order to protect data on the different people that is contained within the system. It is therefore a requisite for the organization to adopt the best and most secure system as not only serves the veterans but liaises with other departments to ensure proper service delivery for the veterans. There are the mandatory standards that are required by the federal government and the other standards that the entities adopt in order to have a set level of pedigree within the global trends. One of the security requirements by the Federal government that the entity has adopted is the FIPS 200 that is a standard specified by the Federal Information Security Systems Act (FISMA) that is an important part in risk management (Norman, 2007). The security systems specified under this standard are important for ensuring the integrity, confidentiality and availability of the computer system and its information while ensuring that the risks that the company may face in the process have been significantly reduced. Under the FIPS200 standards there are the management safeguards, technical safeguards and the operational safeguards. The management safeguards deal with risk assessment and security planning factors while the operational standards are mainly concerned with the personnel security and the software and hardware maintenance within the organization. The technical safeguards on the other hand are concerned with the audit trails and communications protection (Norman, 2007). Th e FIPS 200 standard is applicable to all federal government information so as to require the protection of information against any unauthorized disclosure. The standards has the minimum security requirements that it requires of the organization in the different areas that

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.