Fisma: Federal Information Security Management Act

FISMA, a United States federal law, is a comprehensive framework for safeguarding government operations, assets, and information against man-made or natural threats. FISMA was passed on 17th December, 2012, as part of the Electronic Government Act of 2002 (Warren, 2003).

Topic 1: FISMA Pros and Cons

FISMA assigns responsibilities to many federal agencies to ensure the protection of information across the federal government. The act requires the head of each agency, together with program officials, to carry out yearly reviews of their information security programs, with the intention of keeping risk at or below acceptable levels in a cost-effective, efficient, and timely manner. The “National Institute of Standards and Technology (NIST)” delineates nine stages to compliance with FISMA:

1. Categorize the information to be protected

2. Select the minimum baseline controls

3. Refine the controls using a risk assessment process

4. Apply the security controls in the appropriate information systems

5. Assess the effectiveness of the security controls after their implementation

6. Determine agency-level risk to the business case or mission

7. Authorize the information system for processing

8. Monitor the security controls on a continual basis

The purpose of FISMA is to provide effective information security management and oversight for the federal government. In doing so, FISMA acknowledges the significance of information security to the USA's economic and national security. In order to supervise agency heads and ensure compliance, FISMA grants the “Office of Management and Budget (OMB)” oversight authority over the information security systems of federal organizations (Evans, et al., 2004).

On the other hand, FISMA has failed to strengthen real information security. Three established theories attempt to explain why FISMA has failed to strengthen real information security. The first theory holds that federal agencies have experienced difficulty applying FISMA. The second holds that FISMA imposes an unfunded mandate on pre-existing budgets. The third holds that FISMA is too vague to ensure adequate information security (White, 2010).

Topic 2: Quantifying Information Security Loss

The techniques for measuring information security loss involve the process of choosing the proper security controls. They also involve assurance requirements for an organization's information systems in order to achieve adequate protection. This method is a complex, risk-oriented task that engages operational personnel and management across the business (Locke & Gallagher, 2009). The techniques and procedures adopted in the current market include various implementations of IT systems to quantify information security loss. Implementing and managing such IT systems involves adapting and customizing the structure to suit the operating conditions and needs of the business. This can be performed by the local team; however, external contractors with knowledge and experience of delivering IT services frequently support this function in different market contexts.

Since everyday activities and the communications infrastructure of the company have become increasingly reliant on information technology (IT), the security of data in our company is the core responsibility of IT. This is so because the development of IT has offered several new ways for critical business data to be compromised. Business executives expect the IT department to organize the innovative ...