Since NASA needs to manage highly sensitive data, information, strategic plans, and space programs, the organization pays particular attention to its information security program. This paper will analyze NASA’s information security program, focusing on aspects such as strategic fit, breadth and coverage, program deficiencies or implementation issues, and stated costs and benefits.

NASA Information Security Program

The NASA IT Security (ITS) Division operates under the control of the Chief Information Officer to manage security projects and thereby to mitigate vulnerabilities, reduce obstacles to cross-center collaboration, and provide cost-effective IT security services for supporting the agency’s systems and e-Gov initiatives. The ITS Division works to ensure that IT security across the organization meets integrity and confidentiality requirements to enhance disaster recovery and continuity of operations. “The ITS Division develops and maintains an information security program that ensures consistent security policy, identifies and implements risk-based security controls, and tracks security metrics to gauge compliance and effectiveness” (IT Security Division). The Division also performs periodic audits and reviews to make certain that security policies and procedures meet accepted standards.

It is clear that NASA relies extensively on information systems and networks to manage activities such as scientific discovery, aeronautics research, and space exploration. Since many of these information systems and networks are interconnected through the Internet, they are more likely to be threatened by cyber attacks from different sources. An analysis of the strategic fit of NASA’s information security program suggests that the program cannot adequately support the organization’s goals and objectives because of several security pitfalls.
Although the organization has achieved significant advancements in information security program management and security control implementation, it is still vulnerable to cyber attacks. According to the GAO report, NASA has not always implemented proper control measures to ensure the confidentiality and integrity of the systems and networks that support the organization’s mission directorates. As a result, the organization often fails to sufficiently prevent, restrict, and detect unauthorized access to its systems and networks (GAO). The major pitfall of NASA’s information security program is that it has not been consistent in identifying and authenticating users and in limiting user access to its key systems and networks. The organization cannot effectively encrypt its network services and data and often fails to protect its network boundaries. It is alarming to note that the organization has even failed to physically protect its information technology resources. In addition, shortcomings in the auditing and monitoring of computer-related events have contributed to the inefficiency of the organization’s information security. The organization also faces challenges in effectively segregating incompatible duties and managing system configurations. The key reason for these inefficiencies in NASA’s information security program is that the organization has yet to implement some key activities to make certain that control measures are appropriately developed and functioning efficiently.

