| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Implementation of a Secure Web Environment for a Government Agency This paper details the decision making process and implementation of a secure, multi-site redundant web hosting environment for a large government agency. The security objectives are detailed and the implementation of both the logical and actual security models examined. The system in question has extremely high visibility, and though it does not harbor classified information there would be a potentially severe economic impact to the country in the event of a security breach.
By Chad M. Steel, 04/03/2004
|
|
A Guide to Government Security Mandates To reverse a trend of weak security in government computer systems, Congress has passed legislation that requires federal agencies to more effectively manage the security of its IT systems. A fundamental component of this improved security management is System Certification. System Certification provides a holistic view of the state of security for each system by identifying the risks associated with the system, identifying the countermeasures implemented to mitigate those risks, explaining how security is implemented, planning for system downtimes and emergencies, and providing a formal plan to improve the security in any one of these areas. This document identifies each major component of the System Certification process and provides an overview of each. This document endeavors to provide the reader with a solid understanding of the certification process, the order in which the steps should be completed, and some lessens learned from actual experience.
By Christian Enloe, 03/26/2004
|
|
Seeking Security: The New Paradigm for Government Agencies This document serves as a roadmap by using the US Federal Government Agency IT community as an example of how to overcome bureaucratic inertia. This guide is divided into five comprehensive activities to be used by "Any-Agency" IT operations personnel to begin to eliminate the security vulnerabilities associated with IT assets. Finally, a process is outlined to begin to change the culture and mindset of many agencies and managers from territorial elitism to cooperative interoperability.
By Stephan H. Chapman, 03/24/2004
|
|
Computer Security Issues that Affect Federal, State, and Local Governments and the Code Red Worm The first signs of the Code Red worm appeared on July 13, 2001. Code Red is a malicious program called a worm because it is self-propagating. When it compromises a computer, the worm uses that computer to begin looking for other vulnerable computers; it then propagates itself to those computers without any user action. Code Red took advantage of the fact that many computers on the Internet ran vulnerable versions of IIS.
By Jeffrey J. Carpenter, 03/03/2004
|
|
U.S. Government IT Security Laws Several laws have been passed to secure those doors of ill-intent while maintaining windows for the public. One such law is the Federal Information Security and Management Act (FISMA).
By Trevor Burke, 02/21/2004
|
|
Government Financial Architecture A Focus on Centralized Security and Continuity of Operations To reverse trends of weak security in government technology systems, Congress now requires Federal agencies to better manage internal IT security. Financial operations are of specific interest, and this effort involved looking at the technical architecture supporting the financial activities of a large Federal agency undergoing the implementation of a new financial system. The information contained in this document was provided to the Chief Financial Officer (CFO) in response to concerns of compliance.
By Matthew Mickelson, 02/17/2004
|
|
Page: 1 2 |
