The NIST "Guide for Developing Security Plans for Federal Information Systems"
Question
The NIST "Guide for Developing Security Plans for Federal Information Systems" describes several example Rules of Behavior within Section 1, Figure 2 (on page 8). Review the examples and choose 2 of them and describe in your own words how a Federal employee might break/abuse each type of rule. What types of formal consequences might be appropriate for each broken rule of behavior? Are there any other topics that fit within this "Rules of Behavior" heading?
For example, the topic "Use of copyrighted work": A Federal employee might decide to copy information from a private company's website and use it on their government website, without giving credit or referencing the source. This is plagiarism and would break any rule about properly using copyrighted work. An employee who did this might face legal issues for plagiarism, could be suspended or fired, or may lose their ability to edit/update any government websites. Etc, etc...
Please respond with your discussion post of at least 300 words
Guide for Developing Security Plans for Federal Information Systems

Examples of Controls Contained in Rules of Behavior
- Delineate responsibilities, expected use of system, and behavior of all users.
- Describe appropriate limits on interconnections.
- Define service provisions and restoration priorities.
- Describe consequences of behavior not consistent with rules.
- Covers the following topics:
  o Work at home
  o Dial-in access
  o Connection to the Internet
  o Use of copyrighted work
  o Unofficial use of government equipment
  o Assignment and limitations of system privileges and individual accountability
  o Password usage
  o Searching databases and divulging information
Figure 2: Rules of Behavior Examples

1.9 System Security Plan Approval
Organizational policy should clearly define who is responsible for system security plan approval and procedures developed for plan submission, including any special memorandum language or other documentation required by the agency. Prior to the certification and accreditation process, the designated Authorizing officials independent from the system owner, typically approves the plan

Explanation / Answer
Password Usage: A password is a security token that authorizes an employee for certain specific privileges. A password could be something an employee knows (a string of characters) or something an employee has (a token or device). A federal employee must use a very strong password that cannot be easily guessed or brute-forced. A weak password used by an employee could endanger the security of the whole system. For example, a malicious user who knows the password of some other user could leverage his system to do some evil deeds. All federal employees must follow some guidelines for setting up their passwords. These may include:
In case of an incident, where credentials of an employee are used for a malicious deed, the concerned employee would be held responsible. He might face legal issues for espionage. He/she could be suspended or fired for violation of policy.
Searching databases and divulging information: A federal employee might search some confidential information using his access credentials and make the information public. The information which was not intended for the public could be used for malicious purposes if it fell into the wrong hands. A federal employee could divulge information with malicious intent or unknowingly. For example, if a federal employee publishes the social security numbers of some clients on his blog, then he is divulging confidential information to the public. This could pose a very serious security threat and also risk the privacy of clients. An employee who did this might face legal issues for breaking confidentiality of data and violating privacy of individuals. He/she could be suspended or fired or may lose some privileges.