1.3: IT Security
Ensure adequate security for information technology systems to protect the confidentiality, integrity, and availability of
information.
Other Information:
Measure (Performance Indicator) #1: An Information Technology (IT) Security Policy for OGE is documented and reviewed annually
to ensure applicability. The IT Security Policy shall establish policies, assign organizational and management roles and responsibilities,
and establish minimum requirements for the development, implementation, maintenance, and oversight of an information technology
(IT) security program for protecting OGE information and IT systems that store, process, or transmit unclassified information.
Measure (Performance Indicator) #2: An Information Technology (IT) Security Plan for OGE is documented and reviewed annually
to ensure applicability. The Information Technology Security Plan shall define the approach for establishing, implementing,
and maintaining the OGE security program in accordance with the IT Security Policy.
Measure (Performance Indicator) #3: Conduct quarterly and annual assessments of OGE's IT Security Program and report to OMB
and Congress as required. Assessment guidelines shall be developed to provide a method for OGE officials to determine the
current status of the IT Security Program.
Ideal (Performance Goal) - There is 100% compliance with the Federal Information Security Management Act security program
management guidelines.
Measure (Performance Indicator) #4: Conduct annual assessments of OGE's mission-critical programs. The Office of Management
and Budget (OMB) has requested that the NIST Special Publication 800-26 (Security Self-Assessment Guide for IT Systems) be
used as the basis for these reviews.
Ideal (Performance Goal) - There is 100% compliance with the NIST Special Publication 800-26 (Security Self-Assessment Guide
for IT Systems) for OGE mission-critical systems.
Measure (Performance Indicator) #5: Constantly keep up with new virus and hacker attack methodologies. Security is a
fast-changing field and it is critical that IRMD staff keep abreast of new viruses and security holes. (Two sources of vital
security information are FEDCIRC and NIPC.)
Measure (Performance Indicator) #6: Install, test and implement all necessary security software, including an Intrusion
Detection System (IDS) to ensure the safety of our business systems.
Measure (Performance Indicator) #7: Keep users informed of security issues on a regular basis. New hires receive an IT
security briefing and computer security awareness training is provided to OGE employees on a regular basis.
Ideal (Performance Goal) - 100% of OGE employees receive computer security awareness training annually.
Measure (Performance Indicator) #8: Carefully test and implement appropriate security for all OGE E-Commerce initiatives to
ensure that it is equal to (or better than) the security afforded to our current paper-based systems. As we work towards
e-government and reaching our GPEA goals, we must be sure that security is kept in mind every step of the way.
Indicator(s):