Sunday, November 3, 2019

System Security for Department of Human and Health Services Essay

The SSP follows the guidelines provided under the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev 4, Guide for Assessing Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans. The purpose of this Cybersecurity profile is to provide an overview of the cybersecurity requirements for the HHS (Department of Human and Health Sciences), with a succinct description of how the management, operational, and technical controls in place, and those planned for the future, meet NIST's requirements.

Security categorization defines categories of information systems according to the impact of a loss. It involves classifying information and information systems in accordance with their potential effect on an organization. The analysis also depends on the occurrence of events that might jeopardize the information and information systems the organization requires to accomplish its mission, protect its assets, fulfil its legal duties and protect individuals. Security categorization draws on vulnerability and threat information when evaluating an organization's risk.

The HHS management evaluates systems and assigns a level (low, moderate, high) in relation to the risk to HHS in the event of a security breach. The level depends on the risks to the confidentiality, integrity, and availability of information (Barker, 2004). It is the responsibility of HHS (System Owner) and its stakeholders to identify and establish the information system type. The security concern of HHS is to ensure that shared resources such as networks, communications and physical access within the whole general support system or major application are sufficiently protected. Therefore, it can be said that the information type held by HHS is mission-based (Barker, 2004).
By virtue of the personal information of individuals held by HHS (HHS Cyber Security Program, 2014), the type of information system can be said to be Personally Identifiable Information.
