IA (Information Assurance) is infamous for stalling a project at the 11th hour, blowing all budgets and deployment schedules. Today, IA spreads the message loud and clear: include IA in all meetings and in all thinking about the products and requirements we are working on. Build IA into your designs and your schedules to allow time for STIG'ing (security scans of hardware and software configurations against the Security Technical Implementation Guides) and for the ATO (Authority To Operate) paperwork to be filed.
In addition to managing concerns about allowable software versions on military networks (JTF-GNO), IA scans Ports and Protocols (PnP) to verify proper firewalls, DMZ (Demilitarized Zone) placement, MAC (Mission Assurance Category) levels, and proxy servers.
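To make the two kinds of check concrete (a STIG-style configuration scan and a Ports and Protocols review), here is a small added example in Python. It is not code from the original post or from any IA office; the rule identifiers (`EX-SSH-*`), the sample sshd-style configuration, the listening-socket list and the approved PnP set are all constructed for illustration and are not real STIG findings or an official PnP registry. Running checks like these yourself, early and on every build, is what keeps the 11th-hour surprise from happening.

```python
"""Minimal STIG-style configuration audit plus a Ports-and-Protocols allowlist check.

Added example, not from the original post. Rule IDs, severities, the sample
configuration and the approved port set are constructed/hypothetical.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str    # hypothetical identifier, NOT a real STIG rule ID
    key: str        # configuration directive to inspect
    expected: str   # value the rule requires
    severity: str   # CAT I (highest) .. CAT III, as STIG findings are graded


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    detail: str


# Constructed rule set modelled on common SSH hardening expectations.
RULES = [
    Rule("EX-SSH-001", "PermitRootLogin", "no", "CAT I"),
    Rule("EX-SSH-002", "Protocol", "2", "CAT I"),
    Rule("EX-SSH-003", "PasswordAuthentication", "no", "CAT II"),
    Rule("EX-SSH-004", "Banner", "/etc/issue", "CAT III"),
]

# Constructed sample configuration (sshd_config style: "Key value" per line).
SAMPLE_CONFIG = """\
# constructed sample, not a real host
Protocol 2
PermitRootLogin yes
Banner /etc/issue
# PasswordAuthentication is deliberately left unset
"""


def parse_config(text: str) -> dict[str, str]:
    """Parse 'Key value' lines, skipping blanks and comments.

    The first occurrence of a key wins, matching OpenSSH's sshd_config rule.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue  # malformed line; a stricter scanner would flag it
        key, value = parts
        settings.setdefault(key, value)
    return settings


def audit_config(text: str, rules: list[Rule]) -> list[Finding]:
    """Return one Finding per rule that is missing or has the wrong value."""
    settings = parse_config(text)
    findings: list[Finding] = []
    for rule in rules:
        actual = settings.get(rule.key)
        if actual is None:
            findings.append(Finding(rule.rule_id, rule.severity,
                                    f"{rule.key} not set (expected {rule.expected})"))
        elif actual.lower() != rule.expected.lower():
            findings.append(Finding(rule.rule_id, rule.severity,
                                    f"{rule.key} is {actual!r}, expected {rule.expected!r}"))
    return findings


# Constructed Ports-and-Protocols data: what the host listens on vs. what is approved.
SAMPLE_LISTENING = [("tcp", 22), ("tcp", 443), ("tcp", 8080), ("udp", 161)]
APPROVED_PNP = {("tcp", 22), ("tcp", 443)}


def unapproved_ports(listening: list[tuple[str, int]],
                     approved: set[tuple[str, int]]) -> list[tuple[str, int]]:
    """Return listening (protocol, port) pairs absent from the approved PnP set."""
    return sorted(set(listening) - approved)


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG, RULES):
        print(f"[{f.severity}] {f.rule_id}: {f.detail}")
    for proto, port in unapproved_ports(SAMPLE_LISTENING, APPROVED_PNP):
        print(f"[PnP] {proto}/{port} is listening but not on the approved list")
```

Against the constructed input this reports two configuration findings (root login permitted, password authentication unset) and two unapproved listeners (tcp/8080 and udp/161). Each finding carries its category so a team can triage CAT I items first, which is the same prioritisation an IA reviewer applies when the real scan arrives.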
Recent domain issues cover the privacy concerns of data:
- PII (Personally Identifiable Information)
- PKI (Public Key Information)
- PHI (Protected Health Information, governed by HIPAA, the Health Insurance Portability and Accountability Act)
Given the broad scope of its responsibilities, IA has not been responsive to daily requests for information or for attendance at meetings. IA still engages at the 11th hour with a heroic effort to verify the designs, documentation, and configuration.
Information Assurance members should hold the CISSP (Certified Information Systems Security Professional) certification to ensure their familiarity with the CBK (Common Body of Knowledge) and the current resources for managing:
- CIA triad (confidentiality, integrity, and availability)
- the ten domain areas of interest
- access control
- application security
- cryptography
- information security
- risk management
- operations security
- physical security
- security architecture and design
- telecommunications
- network security