Resources for Federal Information Security Management Act (FISMA)

Department of Justice: Steps Toward Mitigating Risk

www2.csoonline.com

The key to that is starting with our mission needs, looking at our mission objectives and the risks to those mission objectives. Then identifying the security controls that mitigate those risks or directly support a mission objective. Preventing terrorism is our number-one goal, one that we share with many federal agencies, and of course a big part of that is data sharing and preventing that information from getting into the hands of people it shouldn’t. Much of that information has to be protected by law; other [information has to be protected] just in support of your mission. So the ability to look at risk control requirements that would allow you to encrypt data, that could give you techniques for preventing it from being copied, gives you a great trust relationship with whoever you share that sensitive information. So you use both the mission need and the risk, and then prioritize requirements based on those two parameters.

View the Resource

Share or bookmarklet this web page at: