BSA's security how-to

The Business Software Alliance has issued a document that is designed to help everybody in an organization understand why information security is important and what they can do about it. BSA officials noted that different employees have different responsibilities, including:

Corporate executives

* Responsible for oversight and coordination of policies.

* Must oversee how parts of the organization comply with security requirements.

* Responsible for taking action to enforce those requirements.

Business unit leaders

* Determine the amount of security that is needed for systems and assess their overall risk and impact on citizens in the event of a security breach.

* Provide security training.

* Develop systemic controls to ensure that information technology security measures are followed and maintained.

* Measure and report on the effectiveness of information security policies, procedures and practices.

Senior managers

* Provide security for information and systems.

* Conduct periodic assessments of the infrastructure and the risks to it.

* Determine the appropriate level of security.

* Implement cost-effective policies and procedures to reduce risk to acceptable levels.

* Conduct periodic tests of security and the controls the organization has in place for information security.

Chief information officers

* Develop, maintain and ensure compliance with the organization's information security program.

* Designate a security officer responsible for information security and training.

* Develop required policies to support an effective security program and meet the needs of the organization's businesses.

* Create a plan outlining how information is used and categorized.

* Conduct programs that raise the awareness of information security.
