IT Security Program

OVERVIEW

The Department of the Interior has a long-standing concern for the protection of its vital information and technology resources. The first Departmental computer security policy was issued in May 1980. Since that time, information technology has undergone significant changes. The Department's dependence on automation to accomplish its mission has led to extensive growth in the number and types of computer systems in operation or planned throughout the Department. As a result, automated information security concerns at the Department have increased. The Department created its first full-time computer security position on August 15, 1988, because of increased Departmental awareness of potential security threats. The Department continues to modify and improve its information technology security program and policies in an effort to keep up with changing technology. The latest edition of the Departmental IT Security Plan was published in April 2002.

The Chief Information Officer (CIO) of the Department is responsible for providing policy, guidance, advice and oversight for IT security. The CIO is supported by the Departmental IT Security Manager (DITSM). The senior official for IT systems (or Information Resources) management at each bureau is responsible for the security and protection of bureau IT systems. Each bureau shall appoint a Bureau IT Security Manager (BITSM) and an alternate to serve as the focal point for IT security matters and to coordinate IT security program requirements with the Department. In addition, each IT installation shall appoint an Installation IT Security Officer to ensure that users know and understand the security responsibilities for the IT resources they control.

Departmental policy requires managers and users, including contractors, at all levels to be responsible and accountable for protecting the information technology resources they utilize.
Departmental policy also places emphasis on risk management, contingency planning, and awareness training.

Objectives

DOI will safeguard its IT systems through the implementation of the DOI IT Security Program, which will accomplish the following:

Policies and Bulletins

Several documents establish and define the Department's policy for the security of its information technology resources. These include:

Information Technology Security Team

The Department established the IT Security Team (ITST) in January 2002. The Team's mission is to ensure the successful implementation of the Office of Management and Budget (OMB) Circular A-130, Appendix III. The ITST is chaired by the DITSM, with membership composed of BITSMs and representatives from the Inspector General's office. The team works on issues relating to IT security such as policy, procedures and reporting to oversight agencies.

Training and Awareness

Awareness training plays an important role in achieving the Department's goal for computer security. Periodic computer security awareness training is provided to employees who are involved with the management, use, or operation of computer systems under its control. The training objectives are to enhance employee awareness of the threats to and vulnerability of computer systems and to encourage the use of improved computer security practices within the Department.

Personnel

IT-related supervisors, in conjunction with their respective personnel and security officers, review positions within the Department and assign a sensitivity level based on the program supported and duties assigned. Personnel Officers arrange for background investigations for personnel assigned to sensitive positions.