SeNet Services

Security Program Development and Review

An agency’s Information Systems Security Program (ISSP) is the foundation for all of its information technology security activities.  Without a well-established program, approved at the highest levels of the organization, it is virtually impossible to establish and maintain the sound security posture necessary to protect valuable information systems and the sensitive data that they contain.

SeNet bases its ISSP planning activities on established guidelines such as NISTIR 7358, Program Review for Information Security Management Assistance (PRISMA), and other federally mandated regulations.  PRISMA is a methodology that standardizes the approach to reviewing and measuring the information security posture of an information security program. PRISMA can be used by information security personnel, internal reviewers, independent parties, auditors, and Inspector General staff to:

  • Identify information security program deficiencies,
  • Establish a security program baseline to measure future improvements,
  • Validate that mitigation activities have been implemented,
  • Provide supporting information for the FISMA scorecard and report, and
  • Prepare for or conduct an assessment, evaluation, or a review of an information system security program.


SeNet uses such methodologies to assist Government agencies in improving their overall security and, thereby, reducing the vulnerabilities of critical federal operations and assets. By supporting the implementation of more systematic, risk-based, and cost-effective information security frameworks and strategies, SeNet helps improve Federal agency critical infrastructure protection planning and implementation efforts.


In order to be successful in achieving its security objectives and maintaining compliance with FISMA and other relevant Federal statutes and guidelines, an agency must develop and follow a well-documented ISSP. To do this, agency heads must develop a program that focuses on eight broad categories:

  • Periodic Risk Assessments
  • Policies and Procedures
  • Security Plans and Measures for Networks and Systems
  • Security Awareness Training
  • Periodic Testing and Evaluation of Security Controls in all Systems
  • Process and Procedures for Correcting any Deficiencies
  • Incident Response Procedures
  • Continuity of Operations and Contingency Planning

These collectively can be considered as the agency’s ISSP. In order to successfully carry out the ISSP, an agency needs to document it in a plan - the ISSPP.


SeNet has the experience and requisite expertise to help agencies plan, develop and implement a robust ISSP.  If you already have the Plan, an independent review by our experts is very advisable. Put SeNet to work for you!