Week 6
ISOL 633 Legal, Regulations, Investigations, and Compliance
UNIVERSITY OF THE CUMBERLANDS
School of Computer and Information Sciences
Housekeeping
Lecture Roadmap:
Chapter Eight: Federal Government Information Security and Privacy Regulations
Homework Assignments
Discussion Post
Chapter Eight: Federal Government Information Security and Privacy Regulations
What are information security challenges facing the federal government?
FISMA
Federal privacy laws
ADA Section 508
Information Security Challenges
Federal government is largest producer and user of information in U.S.
Government computer systems’ data:
Critical for government operations
Employment, tax, citizenship
Businesses
Threat Protection
Federal IT systems and data in them are attractive targets for criminals
FISMA
Many functions and objectives
Categorize data and systems
Compliance with security requirements
Identifies, assesses, monitors security controls
Authorization schema
Key FISMA Requirements
Agency Information Security Programs
NIST Created Standards and Guidelines
FedCIRC became US-CERT
NSSs Take Risk-based Approach
FISMA Implementation Project
**not actually certified**
FISMA requires each federal agency to create an agency-wide information security program which must include:
Risk assessments
Annual inventory
Policies and procedures
Subordinate plans
Security awareness training
Testing and evaluation
Remedial actions
Incident Response
Continuity of operations
Privacy Requirements
Create information security programs
Review information security risks
Implement controls to mitigate risks
Limit use of PII
Review IT systems for privacy impacts
Notify public about data collection practices
PII examples: Full Name; National ID #; IP address; Vehicle Registration #; DL #; Face, Fingerprints, Bio Data; Credit Card #; Digital ID; Date of Birth; Country of birth; Genetic data
Chapter Eight Summary
This chapter reviews the laws that protect the security and privacy of data that the federal government uses. FISMA is the main law protecting the security of federal government IT systems. It requires federal agencies to create information security programs. Agencies also must review their information security risks. The law requires them to implement controls to mitigate those risks.
The Privacy Act of 1974 and the E-Government Act of 2002 are the main laws protecting data privacy at the federal level. These laws govern how federal agencies use personally identifiable data. Under the E-Government Act, federal agencies must review their IT systems for any privacy impacts. Both laws require federal agencies to notify the public about their data collection practices.
Section 508 of the ADA
It was produced in January 2017 by the U.S. Access Board, and it concerns Section 508 of the ADA.
It contains amendments that include requirements for what is called information and communications technology (ICT).
These are civil rights laws.
Section 508 is important because it is a new rule that applies to ICT.
Read Chapter 9
Discussion Post
Homework Assignments