4.1: Structures & Policy

Reform Structures and Policy

Other Information:

Recent information breaches and disclosures highlight vulnerabilities in the protection of sensitive and classified information. Continued implementation of structural reform and standardized policies, however, will strengthen oversight as well as align security best practices. The risk of unauthorized disclosure and misuse of information originates from insider threats and external intrusions; structural reforms must address both. The ability to safeguard information depends on implementing and strengthening policies and procedures that enable network monitoring and detection of anomalous behavior to identify insider threats and intrusions. Existing coordination bodies sustain the focus on information safeguarding and jointly own responsibility for developing effective technical policies and standards for coordinating government-wide implementation, conducting independent compliance assessments, and holding senior-level officials accountable. Aggregating appropriate information from counterintelligence, security, information assurance, and human resource elements, across multiple networks and domains, in near-real time, enables the appropriate authorities to proactively reduce and address security breaches. Likewise, developing a coordinated enterprise capability to monitor the health of our networks and detect malicious access attempts requires a comprehensive understanding of how applications and services are used across networks and security domains. Policies and procedures should also address unintended release of information. Prevention, detection, and mitigation policies, paired with appropriate supporting technologies, help create the assurance and trust among partners to confidently share information.

Indicator(s):