The Pros And Cons Of Information Security

The US Department of Defense (DoD) relies on computer and network systems to create a war-fighting advantage. These systems fuse essential combat information, enabling the war-fighter to respond with decisive action. While information systems (IS) create a better-informed war-fighter on the battlefield, they can also be a critical point of weakness. Adversaries can exploit IS, potentially disrupting a fighting organization’s ability to complete its mission.
IS managers are charged with the security state of the organization. Like the war-fighter, IS managers must rely on computer and network systems to provide real-time data about cyber threats, which affect their organization’s security posture, in order to make decisions regarding managing the
Individual workstations are recorded in asset management. These individual workstations create a network of information systems that is registered in the C&A process. Any changes or updates to these workstations are chronicled in configuration management and documented in the reaccreditation process. Threats are monitored to see which workstations or networks are affected in incident detection and response. Mitigations of threats and vulnerabilities must also be continually documented in the C&A process. The common denominator in all the mentioned cyber security processes is the C&A process. The C&A process aggregates data before and after accrediting an information system. IS managers must maximize efforts by focusing on the C&A process, which integrates multiple processes on IS data, rather than focusing on each process as an independent
eMASS is the standard tool to expedite the Department of Defense’s (DoD) C&A process, called the DoD Information Assurance Certification and Accreditation Process (DIACAP). Since the DoD recently adopted a different C&A process called the Risk Management Framework (RMF), eMASS’s capabilities are subject to review as to whether they meet current policy requirements. An alternative solution to eMASS is RSA’s Enterprise Governance, Risk, and Compliance (eGRC). This suite of software advertises features and capabilities that fulfill current policy
