Sdfdasd

Submitted By hilo
Words 417
Pages 2
Information system security processes and activities provide valuable input into managing IT systems and their development, enabling risk identification, planning and mitigation. A risk management approach involves continually balancing the protection of agency information and assets with the cost of security controls and mitigation strategies throughout the complete information system development life cycle (see Figure 2-1). The most effective way to implement risk management is to identify critical assets and operations, as well as systemic vulnerabilities across the agency. Risks are shared and not bound by organization, revenue source, or topologies. Identification and verification of critical assets and operations and their interconnections can be achieved through the system security planning process, as well as through the compilation of information from the Capital Planning and Investment Control (CPIC) and Enterprise Architecture (EA) processes to establish insight into the agency’s vital business operations, their supporting assets, and existing interdependencies and relationships. With critical assets and operations identified, the organization can and should perform a business impact analysis (BIA). The purpose of the BIA is to relate systems and assets with the critical services they provide and assess the consequences of their disruption. By identifying these systems, an agency can manage security effectively by establishing priorities. This positions the security office to facilitate the IT program’s cost-effective performance as well as articulate its business impact and value to the agency.
FIGURE 2-1. POSITIONING SECURITY CONSIDERATIONS
Executing a risk management-based approach for systems and projects means integrating security early and throughout the agency’s established system and CPIC life cycles. Integration enables security to be
