Information Security Program Survey Essay Example | Topics and Well Written Essays - 1000 words

Information Security Program Survey - Essay ExampleSince the NASA needs to manage extremely sensitive data, information, strategic plans, and space platforms, the organization pays particular attention to its information gage program. This paper will analyze NASAs information security program focusing on aspects like strategic fit, breadth and coverage, program deficiencies or implementation issues, and stated costs and benefits. NASA Information Security Program The NASA IT Security (ITS) disagreement operations under the control the Chief Information Officer to manage security projects and thereby to mitigate vulnerabilities, improve obstacles to cross-center collaboration, and to provide cost effective IT security services for supporting the agencys systems and e-Gov initiatives. The ITS Division works to command that IT security across the organization meets integrity and confidentiality to enhance disaster recovery and tenaciousness of operations. The ITS Division develops and maintains an information security program that ensures consistent security policy, indentifies and implements risk-based security controls, and tracks security metrics to gauge compliance and effectiveness (IT Security Division). This Division in like manner performs periodical audits and reviews to make certain that security policies and procedures meet accepted standards. It is clear that NASA extensively relies on information systems and communicates to manage its activities such as scientific discovery, astronautics research, and space exploration. Since many of these information systems and networks are interconnected using internet, they are more likely to be threatened by cyber attacks from different sources. While analyzing the strategic fit of the NASAs information security program, it seems that the program cannot well support the organizations goals and objectives due to several security quarrys. Although the organization has achieved significant advancements in i nformation security program management and security control implementation, it is still vulnerable to cyber attacks. According to the GAO report, NASA has not always implemented proper control measures to ensure the confidentiality and integrity of its systems and networks that support the organizations mission directorates. As a result, the organization often fails to sufficiently prevent, restrict, and detect unauthorized access to its systems and networks (GAO). The major pitfall of the NASAs information security program is that it has not been consistent in identifying and authenticating users and limiting user access to its key systems and networks. The organization cannot effectively encrypt its network services and data and often fails to protect its network boundaries. It is alarming to note that the organization has even failed to protect its information technology resources physically. In addition, shortcomings in the auditing and observe of computer-related events also c ontributed to the organizations information security inefficiency. The organization also faces challenges in effectively segregating incompatible duties and managing system configurations. The key reason for those inefficiencies in NASAs information security program is that the organization is yet to implement some key activities to make certain that control measure are appropriately real and functioning efficiently. The organization does not give specific focus to complete assessment of information secur