![]() CONTACTS
![]() |
![]() May 08 Issue - Employee Monthly Magazine Goal: Implement a cyber security system that reduces risk while providing exemplary service and productivityRemedying information security deficienciesThe Laboratory recently met a major Department of Energy security compliance order action by successfully implementing new information security policies. Issued last July by Energy Secretary Samuel Bodman, the compliance order directed the Laboratory to implement a number of corrective actions to remedy deficiencies in its physical and information security programs. ![]() The Laboratory recently met a major Department of Energy security compliance order action by successfully implementing new information security policies. Issued last July by Energy Secretary Samuel Bodman, the compliance order directed the Laboratory to implement a number of corrective actions to remedy deficiencies in its physical and information security programs. "With this milestone, the Lab has completed 13 of the 14 actions required in the order," said Carolyn Zerkle of the Director's Office, head of the Security Compliance Order Project. The Laboratory's new information-security policies provide employees with guidance in a number of areas, including personal electronic devices in the workplace, wireless computing, marking information systems, media, contingency planning, disaster recovery, and risk management. These actions represent a fundamental change in the way the Lab approaches the management of risk in information security, noted Tom Harper, the Laboratory's chief information officer. "Brett Wahlin, the Lab's chief cyber security officer, and I are working closely with Carolyn Zerkle to ensure that the information security actions will be sustainable over the long term and are based on Integrated Safeguards and Security Management principles," said Harper. The Laboratory continues working to meet its last compliance order milestone—LANL information systems must be accredited by DOE and NNSA by the end of the year, including all the unclassified systems, which must be done by September 30. The immediate challenge for accreditation of unclassified systems is to identify all systems and their owners and then apply a new systematic and streamlined approach to creating security plans, explained Zerkle. "Reaccreditation of classified systems is progressing well and must be completed by December 12, 2008," she said. "This effort is truly a Labwide issue," added Harper. "We are collectively working very hard to establish compliance with federal orders with minimal impact to our programs." |
Issues
![]() ![]() |