Information Security Program Survey Essay Example | Topics and Well Written Essays - 1000 words

reading Security Program follow - Essay ExampleSince the NASA needs to manage highly sensitive data, training, strategic plans, and space broadcasts, the arranging pays crabby attention to its information gage program. This paper will analyze NASAs information guarantor program focusing on aspects like strategic fit, breadth and coverage, program deficiencies or implementation issues, and stated cost and benefits. NASA Information Security Program The NASA IT Security (ITS) Division operations under the control the Chief Information Officer to manage tribute projects and thereby to mitigate vulnerabilities, improve obstacles to cross-center collaboration, and to provide cost effective IT security services for supporting the agencys systems and e-Gov initiatives. The ITS Division works to cover that IT security across the organization meets integrity and confidentiality to enhance disaster recovery and continuity of operations. The ITS Division develops and maintains an infor mation security program that ensures undifferentiated security policy, indentifies and implements risk-based security controls, and tracks security metrics to gauge compliance and effectiveness (IT Security Division). This Division excessively performs periodical audits and reviews to make sealed that security policies and procedures meet accepted standards. It is clear that NASA extensively relies on information systems and net incomes to manage its activities such as scientific discovery, aeronautics research, and space exploration. Since many of these information systems and networks are incorporate using internet, they are more likely to be threatened by cyber attacks from different sources. While analyzing the strategic fit of the NASAs information security program, it seems that the program can non well support the organizations goals and objectives payable to several security pitfalls. Although the organization has achieved significant advancements in information securi ty program management and security control implementation, it is still vulnerable to cyber attacks. According to the GAO report, NASA has not always implemented proper control measures to ensure the confidentiality and integrity of its systems and networks that support the organizations mission directorates. As a result, the organization often fails to sufficiently prevent, restrict, and detect unauthorized access to its systems and networks (GAO). The major pitfall of the NASAs information security program is that it has not been consistent in identifying and authenticating users and limiting user access to its key systems and networks. The organization cannot effectively encrypt its network services and data and often fails to cling to its network boundaries. It is alarming to note that the organization has even failed to protect its information technology resources physically. In addition, shortcomings in the auditing and monitoring of computer-related events also contributed to the organizations information security inefficiency. The organization also faces challenges in effectively segregating incompatible duties and managing system configurations. The key reason for those inefficiencies in NASAs information security program is that the organization is yet to implement some key activities to make certain that control measure are appropriately developed and functioning efficiently. The organization does not give ad hoc focus to complete assessment of information secur