Phase 1: Memo
To: Chris Staples, Chief Information Officer
From: Janella Lawton, Information Systems Security Director
Date: October 21, 2018
Subject: National Infrastructure Protection Plan (NIPP) Standards Assessment
Protecting our nation's Critical Infrastructure and Key Resources (CIKR) is a single national effort, and the NIPP provides a detailed guideline of how to do so. It is important that we follow these specific guidelines to ensure that our CIKR are protected from both manmade and natural threats. I have outlined the following topics for analysis to determine what needs to be done to safeguard our CIKR from potential threats while maintaining NIPP standards.
· Analysis of Authorities, Roles, and Responsibilities
· Analysis of the Risk Management Strategy
· Determining the Method of Organizing and Partnering for CIKR Protection
· Assurance of an Effective, Efficient Program Over the Long Term
Analysis of Authorities, Roles, and Responsibilities
The Homeland Security Presidential Directive 7 (HSPD-7) is a framework established by the President that assigns the Secretary of Homeland Security (DHS) the duty of “principal Federal official to lead CIKR protection efforts among Federal departments and agencies, State and local governments, and private sector” and “assigns responsibility for CIKR sectors to Federal Sector-Specific Agencies (SSAs)” (NIPP, 2009, pg. 2). The CIKR partners include a group of federal, state, and local government agencies and partners, private sector agencies, councils and research centers.
In addition to the different roles and responsibilities each entity has, there are several authorities that have been established to provide more specific details regarding protection against and response to CIKR threats. Examples of these authorities include the Aviation Transportation Security Act of 2001, the Federal Information Security Management Act, and HSPD-8 National Preparedness.
It is important that every organization that is responsible for a critical infrastructure or resource understands the importance of its role in the nation's NIPP. Identifying threats, employing essential personnel, and implementing the NIPP standards will guarantee that our organization is supporting the nation's CIKR protection initiative.
Analysis of the Risk Management Strategy
1. Identify Assets, Systems, and Networks
2. Assess Risk
3. Prioritize
4. Implement Protective Programs and Resiliency Strategies
5. Measure Effectiveness
Determining the Method of Organizing and Partnering for CIKR Protection
1. Leadership and Coordination Mechanisms
2. Information Sharing
3. Protection of Sensitive CIKR Information
Assurance of an Effective, Efficient Program Over the Long Term
1. Building National Awareness
2. Conducting Research and Development and Using Technology
3. Building, Protecting, and Maintaining Databases, Simulations, and Other Tools
4. Continuously Improving the NIPP and the SSPs