CISSP Domain 1 - Security and Risk Management

Terms in this set (169)

Amendment to the Paperwork Reduction Act. Implements additional info security policies and procedures. 5 basic purposes:
To provide comprehensive framework for establishing and ensuring the effectiveness of controls over information resources that support federal operations and assets.
To recognize the highly networked nature of the federal computing environment, including the need for federal government interoperability and in the implementation of improved security management measures, to assure that opportunities for interoperability are not adversely affected.
To provide effective governement wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security and law enforcement communities.
To provide for deleopment and maintenance of minimum controls required to protect federla information and information systems
To provide a mechanism for improved oversight of federal agency information sec programs.
Charges NIST with responsibilties for unclassified info prcoessing and NSA for classified info processing.
Also outlines a new category of computer system - Mission critical system. It is mission critical if - It is defined as a national security system by other provisions of law. It is protected by procedures established for clasified information. The loss, misuse, disclosure or unauthorized access to or modification of any info it processes would have a debiltating impact on the mission of an agency.