Homeland security is the way Americans put forth the effort to ensure the homeland is safe, secure, and stands firm against terrorist acts and other hazard that could put the health and welfare of the American people. The mission of the Homeland Security is to prevent terrorism, secure and protect our open borders, uphold all immigration laws, safeguard and secure cyberspace, and be content and resilient when it pertains to disasters. Critical infrastructure protection (CIP) is a concept that relates to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation. Eliminating threats is impossible, so protecting against them without disrupting business innovation and growth is a …show more content…
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what …show more content…
However, some sources say that the DHS lead National Infrastructure Protection Plan (NIPP) falls well short because of not listening and not sharing information with critical infrastructure owner/operators. The NIPP document created by the DHS is for the government and is not a plan to improve resilience. The document is said to lack private sector information and most feel that the meetings with the government about the document were not heard. As for the information sharing part of the document there are shortcomings that do not enhance national level situational awareness. However, there are seven topics raised in the new document after its original creation four years ago. The first is to elevate security and resilience as the primary aim of CIP efforts. Second, expanding and updating critical infrastructure risk management. Third, focus on national priorities jointly determined by public and private sector. Fourth, integrate cyber and physical security. Fifth, affirm the reality that critical infrastructure security and resilience require international collaboration. Sixth, show continued progress to support execution of the plan at both national and community levels. Lastly, present a detailed Call to Action that includes steps the federal government will undertake to work with partners to make progress toward security and
The general topic for this literature review will be an examination of the Department of Defense and the National Guard in terms of Homeland Security. The areas of Homeland Defense and Civil Support will be primary subsections of Homeland Security which will be reviewed. For purposes of defining a time period none of the literature reviewed will be prior to September 11, 2001. The reasoning for this being to examine Homeland Defense using literature pertaining to 9/11 and the Boston Marathon Bombing, and Civil Support using literature pertaining to Hurricane Katrina.
This paper will briefly discuss the formation of the Department of Homeland Security (DHS). With every government program or agency comes an alphabet soup of acronyms and DHS is no different from the rest. To better understand the agency and concepts that comprise DHS, this paper will also examine acronyms associated with DHS. They are QHSR, HSE, NRF, NIMS, ICS, and UC. Each will get a description while highlighting and discussing core elements or requirements that each acronym calls for or offers.
Homeland defense is primarily a Department of Defense (DOD) activity and is defined as “... the protection of US sovereignty, territory, domestic population, and critical defense infrastructure against external threats and aggression, or other threats as directed by the President.” Homeland security, regardless of the definition or strategic document, is a combination of law enforcement, disaster, immigration, and terrorism issues. It is primarily the responsibility of civilian agencies at all levels. It is a coordination of efforts at all levels of government. The differences between homeland security and homeland defense, however, are not completely distinct. A international terrorist organization attack on and within the United States would result in a combined homeland security and homeland defense response, such as on 9/11 when civilian agencies were responding to the attacks while the U.S. military established a combat air patrol over New York and Washington, DC. This distinction between homeland security and homeland defense, and the evolution of homeland security as a concept, was reflected in the strategic documents developed and issued following 9/11 (Reese
For this assignment, I will discuss the evaluation process in assessing and calculating vulnerabilities for one of our nation’s Critical Infrastructures identified, as Defense Industrial Base. A vulnerability assessment is a tool used to evaluate weaknesses of a facility against threats and hazards. Norman describes vulnerability as (Norman, 2010, p.32),” Any condition or factor associated with the selected target that can be exploited to carry out an attack – vulnerabilities may be individuals or systems.” The more vulnerable an asset is, the more it’s deemed attractive, or susceptible to threats. In general, a vulnerability assessment identifies an organizations most critical assets needed to continue its function. They help determine, if functions can be repeated under threat scenarios, or need to be
Homeland Security’s mission is “to secure the nation from the many threats we face. With honor and integrity, we will safeguard the American people, our homeland, and our values.”[3]
A IT disaster can be unpredictable and inevitable to an organization. For instance, these types of disasters “can be man-made, natural disasters, technology failures and more” (Business continuity and disaster recovery plan, 2008). Many cybersecurity companies should emphasize the need for organizations to have a DR/BCP in place. In fact, cybersecurity “should acknowledge and embrace the linkages between information security and other departments, such as business continuity, disaster recovery, and emergency management” (Kirvan, P, 2014). It is important for a CISO in an organization to integrate cybersecurity to their DR/BCP. According to SISS-Consulting, “75% of organizations say IT risk can impact customer satisfaction” (Cyber Security, 2016). There are a variety of reasons, plans, and implementations that a CISO must have in mind when they are looking to
When it comes to protecting an infrastructure, careful planning and coordination needs to take place. Protecting an infrastructure takes an important security initiative called Critical Infrastructure Protection (CIP). The United States critical infrastructure is protected by the Department of Homeland Security.
Bush 2003 states that the Federal Government defines homeland security as “a concerted national effort to prevent terrorist attacks within the United States, reduce America Vulnerability to terrorism and minimize the damage and recover from attacks that do occur”. I find this interesting since it is believed that this is a national effort which depends on a partnership involving everyone to include the American people. Today it takes everyone to secure the homeland, many people who are less aware of what is going on in the country and still some of who are aware of what is going on still see the federal government as the responsible authority to protect its people from terrorist.
Organizations which rely on network infrastructure for their business operation must utilize security technology to protect the network from harmful actions of automated attacks as well as malicious human activity. It is also important to enact policies and guidelines for the employees of the organization, which in many regards can be the weakest link in the chain of security. According to a survey by The Ponemon Institute (2012), “78 percent of respondents said their organizations have experienced a data breach as a result of negligent or malicious employees or other insiders” (p.1). A statistic like this points to the need for comprehensive policies that detail the company’s expectations and mandates for specific situations relating to cybersecurity.
According to the Department of Homeland Security (2013), “Critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof” (para. 1). Approximately 85 percent of critical infrastructures is privately owned and operated, and most of these sectors are either poorly designed or deteriorated due to neglect and age (Sauter & Carafano, 2012).
Critical infrastructure can be defined as systems, facilities, technologies, methodologies, assets, and services that are crucial for the effective operation of the security, health and economic sectors of the country. The infrastructure can either be interconnected across the country’s states or can be an independent body. A lack of or disruption of the infrastructure would possibly result in catastrophic events such as adverse economic effects, loss of lives, or disruption of crucial government responsibilities or a significant deterioration of the public’s confidence in the current governance. Such assets, networks, and systems that have a bearing on the security of the country are known as critical infrastructure security and are all designated
The nation has become dependent on technology, furthermore, cyberspace. It’s encompassed in everything we deliver in our daily lives, our phones, internet, communication, purchases, entertainment, flying airplane, launching missiles, operating nuclear plants, and implicitly, our protection. The more ever-growing technology empower Americans, the more they become prey to cyber threats. The United States Executive Office of the President stated, “The President identified cybersecurity as one of the top priorities of his administration in doing so, directed a 60-day review to assess polices.” (United States Executive Office of the President, 2009, p.2). Furthermore, critical infrastructure, our network, and internet alike are identified as national assets upon which the administration will orchestrate integrated cybersecurity policies without infringing upon and protecting privacy. While protecting our infrastructure, personal privacy, and civil liberties, we have to keep in mind the private sector owns and operates the majority of our critical and digital infrastructure.
So what then, is "critical infrastructure protection"? The expression "critical infrastructure protection" (CIP) relates to the exercises for ensuring critical infrastructures. This incorporates individuals, physical holdings, and correspondence (digital) frameworks that are crucially essential for national, state and urban security, budgetary soundness, and open well-being. CIP systems and assets deflect or moderate assaults against critical infrastruct...
The network management plan and security plan is important to help the company figure out how they will improve its network and security procedures for the company. Planning involves outlining objectiv...
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.