Senet Services

System Security Planning

 

FISMA requires that agency Information Systems Security Programs include individual plans that provide risk-based decisions on information security for applications, networks, and systems or groups of information systems. OMB Circular A-130 specifies that agencies develop and implement system security plans for major applications and for general support systems and that these plans include policies and procedures for providing management, operational and technical security controls.

The objective of system security planning is to improve the protection of information technology resources by detecting and preventing unauthorized use or modification of these resources. System security plans are intended to provide a complete and up-to-date overview of a system’s security requirements and to describe the controls that are in place or planned to meet those requirements. The National Institute of Standards and Technology (NIST) recommends that security plans include, among other topics, existing or planned security controls, the individual responsible for the security of the system, and a description of the system and its interconnected operational environment.

SeNet understands that information systems security planning must include risk management and must consider the value of the information systems, the motivation of potential attackers, and the need to balance the costs of various protective measures against their benefits. As we have done for many of our Government clients, SeNet can guide you in applying the appropriate level of system security within the constraints of available resources, commensurate with anticipated and unanticipated risks, the value of technical assets, and the sensitivity of data.