Computer security should not exist as an afterthought; protection must be given to critical components associated with an entity's business requirements. The establishment of a security management structure (e.g., hierarchy) is essential to the success in securing an operational business environment. A security program cannot be maintained without the management structure in place, as the exploration of business objectives cannot truly begin until a security management framework has been constructed.

ISFMT's Information Assurance Focus

Our proactive strategy to continuous and effective IA program management is based upon possessing the right people, infrastructure, processes and technology. The intent of the program is reducing risk to a manageable level while meeting the business goals of the domains and enterprise. Our security program will illustrate efficiencies in conjunction with existing security control and mechanisms, as security management will be able to effectively concentrate efforts toward defined goals and maximize the utilization of resources .

Our approach integrates IA throughout the enterprise while concurrently developing an enterprise security architecture. This task starts with Enterprise and Domain Support functionalities, where IA provides security engineering and support to the Enterprise Configuration Management efforts. ISFMT invokes IA in the earliest stages of the engineering systems development process to ensure proper security mechanisms are integrated into the enterprise.

ISFMT Program Structure

In accordance with NIST and DoD regulations, protection of information is the responsibility of the IA Program. Specifically, the full IA program implementation (e.g., final stage) includes:  

• Engineering Project Support: The IA program applies network security rigor and expertise to engineering, systems application and development projects.
  
• Operations and Maintenance Support: Network Operations/Enterprise Services staff (e.g., engineers, system administrators, Tier 2 and 3 support, IT Staff) are assisted in satisfying domain requests and requirements; thereby meeting established metrics. An IA program's intent is not to hinder operational processes, but to ensure that confidentiality, integrity, and availability are maintained.
  
• Overall Security Management Support : In addition to the security expertise that the IA program possesses, it establishes rapport with other security experts (e.g., internal and external to the AGENCY community: IT Staff, Executive Management, etc.). An IA program will engage this knowledge base to support Enterprise Engineering and Domain Support functions.