 |
 |
 |
 |
 |
|
For the security of any system to be strong, the system's owners must consider three fundamental security areas: management controls, operational controls, and technical controls. While technical controls, such as encryption, digital signatures, or firewalls, receive the most attention, inadequate operational controls and the day-to-day administration of technical controls often create the most vulnerabilities. Strong management controls are needed to tie all the aspects of security together into a sensible protection strategy. NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, helps organizations to improve their operational and management controls. This CSL Bulletin explains some of the needs which GSSPs can solve and presents a set of generally accepted system security principles developed by NIST.
Whatever direction the cyberthreat takes, the United States Government will be confronting an increasingly interconnected world in the years ahead. This is the core message of GT2015. We will have to develop, in response, greater communications and collaboration across the agencies of our own Government, with other governments, and with the corporate world. Interagency cooperation will be essential to understanding the cyberthreat, as well as other transnational threats that will crowd our agenda, and to responding effectively with interdisciplinary strategies. Consequence management of a major attack on a critical US infrastructure would involve virtually all agencies of the Federal Government, State, and local governments, foreign governments, law enforcement, the military, the medical community, and the media. NSTISSC and the Intelligence Community clearly have a lot of work to do if we are to understand this evolving threat and to be prepared to deal with it.
At the request of the Assistant to the President and Chief of Staff, we have prepared this memorandum to provide guidance for reviewing Government information regarding weapons of mass destruction, as well as other information that could be misused to harm the security of our nation or threaten public safety. It is appropriate that all federal departments and agencies consider the need to safeguard such information on an ongoing basis and also upon receipt of any request for records containing such information that is made under the Freedom of Information Act (FOIA), 5 U.S.C. ยง 552 (2000). Consistent with existing law and policy, the appropriate steps for safeguarding such information will vary according to the sensitivity of the information involved and whether the information currently is classified.
This bill, operative July 1, 2003, would require a state agency,
or a person or business that conducts business in California, that
owns or licenses computerized data that includes personal
information, as defined, to disclose in specified ways, any breach of
the security of the data, as defined, to any resident of California
whose unencrypted personal information was, or is reasonably
believed to have been, acquired by an unauthorized person. The bill
would permit the notifications required by its provisions to be
delayed if a law enforcement agency determines that it would impede a
criminal investigation. The bill would require an agency, person,
or business that maintains computerized data that includes personal
information owned by another to notify the owner or licensee of the
information of any breach of security of the data, as specified. The
bill would state the intent of the Legislature to preempt all local
regulation of the subject matter of the bill. This bill would also
make a statement of legislative findings and declarations regarding
privacy and financial security.
|
||||||||||||||||||||||||||||||||||||||||
RSS SyndicationCopyright © 2007 BankInfoSecurity.com