Federal Government Information Security and Privacy Regulations
Information Security Challenges Facing the Federal Government
The Federal Information Security Management Act
Protecting Privacy in Federal Information Systems
Import and Export Control Laws
Examples
A culture within the federal government of merely complying with reporting requirements
Lack of an enterprise approach to information technology
Lack of coordination between the federal government and the private sector
Lack of focused research and development activities to enhance cybersecurity
Lack of coordination within the federal government
Scope
Main requirements
Purpose
Oversight
To protect federal IT systems and the data in those systems
Applies to all federal agencies
The role of NIST
Central incident response center
Agency information security programs
In the beginning, the OMB was responsible, but later some responsibility was transferred to the DHS
The e-government act of 2002
OMB breach notification policy
The privacy act of 1974
Used to limit organizations in collecting individuals' data and to require consent from the individual to distribute the data
Post privacy policies on their websites
Post machine-readable privacy policies on their websites
Review their IT systems for privacy risks
Report privacy activities to the OMB
Source for notification
Contents of the notification
Time for notification
Means of providing the notice
Whether breach notification is required
Who gets the notice
Export administration regulations
Regulations from the Office of Foreign Assets Control
International traffic in arms regulation
Missing hard drives
Social networking sites