System Security for Department of Human and Health Services Essay

System Security for Department of Human and Health run - Essay ExampleThe SSP works in accordance to the guidelines provided under the National Institute of Standards and Technology (NIST) superfluous Publication 800-53 Rev 4 Guide for Assessing Security Controls in Federal Information Systems and Organizations, Building good Security Assessment PlansThe purpose of this Cybersecurity profile is to provide an overview of the cybersecurity requirements for the HHS (Department of Human and Health Sciences) with a succinct verbal description of how the management, operational, and technical controls in place and those planned for the future, meet NISTs requirements.Security categorization defines categories of information systems in relation to impact loss. It involves the classification of information and information systems in accordance with the potential effect on an organization. The analysis also depends on the occurrence of events that might jeopardize the information and infor mation systems required by the organization for the accomplishment of its mission, protection of its assets, fulfilment of its legal duties and protection of individuals. Security categorization is based on the vulnerability and threat information in evaluating an organizations risk. The HHS management evaluates systems and assigns a level (low, moderate, high) in relation to the risk to HSS in case of breach of security. The level depends on risks of confidentiality, integrity, and availability of information (Barker, 2004).It is the indebtedness of HHS (System Owner) and its stakeholders to identify and establish the information system type. The security concern of HHS is to ensure that shared resources such as networks, communications and physical access within the whole general support system or study application are sufficiently protected. Therefore, it can be said that the information type held by HHS is mission-based (Barker, 2004). By virtue of the personal information of individuals held by HSS (HHS Cyber Security Program, 2014), the type of information system can be said to be Personally Identifiable Information.