What is the Information Security Act? This article explains what the act means so that you can better understand the topic.
What Is the Information Security Act?
The Information Security Act is an act of the United States Congress to help ensure that information is properly protected. Congress passed the act in response to several high-profile computer break-ins, including the Morris worm and the Watergate break-in.
The goal of the act is to help secure federal information and information systems by:
1. Identifying potential risks to information security;
2. Establishing a program that includes policies, procedures, and guidelines; and
3. Promoting awareness of information security among agency personnel.
The act requires federal agencies to identify the systems that collect, use, or store national security information, as well as other sensitive but unclassified information.
Agencies also must identify their major automated information systems (including major applications), and assign responsibility for the security of each system.
How the Information Security Act Works
The act requires each federal agency to develop a program to protect the security of its information and information systems. The program must include:
1. Security policies, procedures, and guidelines for all agency operations that involve the use of automated information systems.
2. A requirement for each system to be for its security features. Also, for each system determined to have a high-security risk to be by a team of experts every two years.
3. A requirement for each agency head to evaluate annually the overall effectiveness of the agency’s automated information security program and submit a report to OMB.
4. A requirement that agencies develop a plan to provide adequate training in the proper use of automated information systems, as well as a plan to periodically test the effectiveness of the training.
5. A requirement that each agency provide adequate protection for the security and privacy of sensitive information systems and data, including automated systems that are to support the agency’s mission and business functions.
6. A requirement that senior agency management be accountable for the effectiveness of their information security programs.
While agencies are to have an information security program, it is important to note that the act does not mandate specific security controls or standards. The law does require agencies to consider the cost of implementing and maintaining security controls as part of their risk management efforts.
How the Information Security Act Relates to Other Laws or Government Initiatives
The act is part of a government-wide effort to improve the protection of sensitive but unclassified information. A key part of this effort is the development and implementation of a government-wide information security program.
The act also was to help protect against some of the same kinds of attacks that are by the Computer Security Act of 1987. This act requires federal agencies to develop, document, and implement security programs for their computer systems that store, process, or transmit federal information.
The act also was to complement the requirements in P.L. 100-235, The Computer Matching and Privacy Protection Act of 1987, which prohibits government agencies from using computer matching programs without certain statutory protections.
Other laws that may be relevant to an agency’s information security program include:
1. The Human Resources Management Act of 1986, which deals with privacy and security in the areas of personnel records and drug testing;
2. The Federal Property and Administrative Services Act of 1949, which provides for the development of government-wide procurement standards for information systems;
3. Title XVI of the National Security Act of 1947, which requires agencies to protect classified information that is processed, stored, or transmitted by automated information systems; and
4. The Paperwork Reduction Act of 1980, which requires agencies that collect information from 10 or more people to develop rules to help ensure the security and privacy of the information.
Conclusion
The Information Security Act is an act passed by the United States Congress to help ensure that information is properly protected. Congress passed the act in response to several high-profile computer break-ins, including the Morris worm and the Watergate break-in.