Government Documents, Laws, Testimonies or Reports and Cybersecurity Policy

Standards for Security Categorization of Federal Information and Information Systems (FIPS-199)

Added by the EDUCAUSE Librarian
Title: Standards for Security Categorization of Federal Information and Information Systems (FIPS-199) (ID: CSD5355)
Source: National Institute of Standards and Technology
Origin: Contributed by Organizations or Campuses (02/18/2004)
Type: Government Documents, Laws, Testimonies or Reports
Abstract: The E-Government Act of 2002 (Public Law 107-347) recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act of 2002 (FISMA), tasked NIST with responsibilities for standards and guidelines, including the development of:
- Standards to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;
- Guidelines recommending the types of information and information systems to be included in each category; and
- Minimum information security requirements (i.e., management, operational, and technical controls), for information and information systems in each such category.

Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development

Added by the EDUCAUSE Librarian
Title: Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development (ID: CSD5182)
Origin: Contributed by Organizations or Campuses (10/03/2007)
Type: Government Documents, Laws, Testimonies or Reports
Abstract: This federal register notice informs the public and interested stakeholders that the Department of Homeland Security (DHS) is making available for public review and comment "Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development." This framework is intended to assist the public, private, and academic sectors with strategic IT security workforce development initiatives, including professional development, training, and education. The EBK is not an additional set of DHS guidelines, and it is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, defines four primary functional perspectives, and establishes an IT Security Role, Competency, and Functional Matrix.

Guide for Developing Performance Metrics for Information Security: Recommendations of the National Institute of Standards and Technology

Added by the EDUCAUSE Librarian
Title: Guide for Developing Performance Metrics for Information Security: Recommendations of the National Institute of Standards and Technology (ID: CSD5073)
Author(s): Alicia Clay-Jones (National Institute of Standards and Technology), Anthony Brown (National Institute of Standards and Technology), Elizabeth Chew (National Institute of Standards and Technology), Joan Hash (National Institute of Standards and Technology), and Nadya Bartol (National Institute of Standards and Technology)
Origin: Contributed by Organizations or Campuses (05/19/2006)
Type: Government Documents, Laws, Testimonies or Reports
Abstract: This publication focuses on developing and implementing information security metrics for an information security program. The processes and methodologies described in this guidance link information security performance to agency performance by leveraging agency-level strategic planning processes. The performance metrics developed according to this guide will enhance the ability of agencies to respond to a variety of federal government mandates and initiatives, including the Federal Information Security Management Act (FISMA) and the President's Management Agenda (PMA).

Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities

Added by the EDUCAUSE Librarian
Title: Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities (ID: CSD4024)
Origin: Contributed by Organizations or Campuses (2005)
Type: Government Documents, Laws, Testimonies or Reports
Abstract: Increasing computer interconnectivity has revolutionized the way that our government, our nation, and much of the world communicate and conduct business. While the benefits have been enormous, this widespread interconnectivity also poses significant risks to our nation's computer systems and, more importantly, to the critical operations and infrastructures they support. The Homeland Security Act of 2002 and federal policy established DHS as the focal point for coordinating activities to protect the computer systems that support our nation's critical infrastructures. GAO was asked to determine (1) DHS's roles and responsibilities for cyber critical infrastructure protection, (2) the status and adequacy of DHS's efforts to fulfill these responsibilities, and (3) the challenges DHS faces in fulfilling its cybersecurity responsibilities.

Creating a National Framework for Cybersecurity: An Analysis of Issues and Options

Added by the EDUCAUSE Librarian
Title: Creating a National Framework for Cybersecurity: An Analysis of Issues and Options (ID: CSD3765)
Author(s): Eric A. Fischer (Library of Congress)
Source: CRS
Origin: Contributed by Organizations or Campuses (2005)
Type: Government Documents, Laws, Testimonies or Reports
Abstract: Many observers believe that cyberspace has too many of the properties of a commons for market forces alone to provide those incentives. Also, current federal laws, regulations, and public-private partnerships appear to be much narrower in scope than the policies called for in the National Strategy to Secure Cyberspace and similar documents. Some recent laws do provide regulatory incentives for corporate management to address cybersecurity issues. Potential models for additional action include the response to the year-2000 computer problem and federal safety and environmental regulations. Congress might consider encouraging the widespread adoption of cybersecurity standards and best practices, procurement leveraging by the federal government, mandatory reporting of incidents, the use of product liability actions, the development of cybersecurity insurance, and strengthened federal cybersecurity programs in the Department of Homeland Security and elsewhere. This report will be updated in response to significant developments in cybersecurity.

National Infrastructure Protection Plan (NIPP)

Added by the EDUCAUSE Librarian
Title: National Infrastructure Protection Plan (NIPP) (ID: CSD3754)
Origin: Contributed by Organizations or Campuses (2006)
Type: Government Documents, Laws, Testimonies or Reports
Abstract: Pursuant to Homeland Security Presidential Directive (HSPD)-7, this National Infrastructure Protection Plan describes a comprehensive, integrated Federal plan for critical infrastructure and key resources protection, and designates specific Federal departments and agencies as Sector-Specific Agencies (SSAs) responsible for protection activities in 17 specific critical infrastructure and key resource sectors.

Corporate Information Security Working Group:

Added by the EDUCAUSE Librarian
Title: Corporate Information Security Working Group: (ID: CSD3661)
Origin: Contributed by the Security Task Force (2004)
Type: Government Documents, Laws, Testimonies or Reports
Abstract: The Corporate Information Security Working Group (CISWG) was originally convened in November 2003 by Representative Adam Putnam (R-FL). The Best Practices team surveyed available information security guidance. It concluded in its March 2004 report that much of this guidance is expressed at a relatively high level of abstraction and is therefore not immediately useful as actionable guidance without significant and often costly elaboration. In a subsequent phase convened in June 2004, the Best Practices and Metrics teams were charged with refining Information Security Program Elements and developing recommended Metrics supporting each of the elements. This report is the result of that effort and represents a resource that will help Board members, managers, and technical staff establish their own comprehensive structure of principles, policies, processes, controls, and performance metrics to support the people, process, and technology aspects of information security.

CHIP (Computer Hacking and Intellectual Property Unit) Fact Sheet

Added by the EDUCAUSE Librarian
Title: CHIP (Computer Hacking and Intellectual Property Unit) Fact Sheet (ID: CSD3279)
Origin: Contributed by Organizations or Campuses (2002)
Type: Government Documents, Laws, Testimonies or Reports
Abstract: Background information on CHIP (Computer Hacking and Intellectual Property Unit).

Computer Security: A Summary of Selected Federal Laws, Executive Orders, and Presidential Directives,

Added by the EDUCAUSE Librarian
Title: Computer Security: A Summary of Selected Federal Laws, Executive Orders, and Presidential Directives, (ID: CSD3272)
Origin: Contributed by Organizations or Campuses (2004)
Type: Government Documents, Laws, Testimonies or Reports
Abstract: This report provides a short summary of selected federal laws, executive orders, and presidential directives, currently in force, that govern computer security. The report focuses on the major roles and responsibilities assigned to various federal agencies in the area of computer security.

Protecting Our Nation's Cyber Space: Educational Awareness for the Cyber Citizen

Added by the EDUCAUSE Librarian
Title: Protecting Our Nation's Cyber Space: Educational Awareness for the Cyber Citizen (ID: SEC0407)
Author(s): Rodney J. Petersen (EDUCAUSE)
Origin: Contributed by the Security Task Force (2004)
Type: Government Documents, Laws, Testimonies or Reports, Presentations/Speeches
Abstract: Over the last decade, the number of computers connected to the Internet has increased significantly. As a result, the discovery and exploitation of a vulnerability in a major software program has become a threat to the stability of the Internet and the continuance of commerce. For example, the Blaster worm infected over 400,000 computers worldwide in less than 5 days. This level of infection occurred despite the fact that the patch that would have prevented infection had been available for over a month. At the same time, millions of copies of the SoBig.F worm spread across the Internet in one of the fastest attacks ever recorded. In fact, about one in three Internet users is infected with a virus or worm every year. Moreover, research by the security firm Qualys, Inc. indicates that as the furor over a vulnerability dies down, the number of unpatched systems begins to increase once again. This leads to the chilling conclusion that worms could make second appearances, exploiting the same vulnerabilities.

So, why aren't cyber citizens patching their systems, installing firewalls and keeping their anti-virus programs up to date? What are the best tools available to increase our cyber protection? This hearing will examine the current public and private initiatives underway to educate home users and small business on basic cyber security. Among the initiatives presented will be those aimed at small business, children, older students and the average home user.