A study of the federal management community's awareness, attitudes and understanding of information security requirements: Focus on FISMA best practices.

摘要

Information technology and E-Government services are vital to the operation of federal agencies and, indeed, the functioning of American society. Over the years, numerous laws and regulations have been created to help secure the federal information infrastructure. The most recent Federal Information Security Management Act (FISMA) of 2002 makes information security a constant management focus across government, the rationale being that management commitment and sponsorship are critical to implementing change and sustaining progress.; Unfortunately, despite constant monitoring via the President's Management Agenda and frequent FISMA reports submitted to the Office of Management and Budget and to Congress, the status of information security in federal agencies continues to be unsatisfactory at best. Much work remains to be done, especially regarding the managerial aspects of information security.; This dissertation research attempts to understand---in precise, quantitative terms---the federal management community's perceptions of FISMA and its implementation. In particular, the research compiles and analyzes data related to federal managers' knowledge of information security programs in their organizations, their awareness of FISMA requirements, their attitudes towards FISMA best practices, and their understanding of the interdependencies between FISMA best practices.; Middle managers have a strategic role in information security, and their engagement is crucial to the success or failure of security programs at federal agencies. The survey data collected in this research provide a snapshot of middle managers' awareness, attitudes and understanding of FISMA and its implementation. Analysis of the data yields valuable insights into the major issues impacting the implementation of security programs at federal agencies.; This research is an important first step to developing a comprehensive understanding of the enablers and barriers to creating and maintaining successful information security programs across government. Moreover, it identifies new requirements for assessing information security postures at federal agencies. It is hoped that the results will provide guidance to policy makers, legislators and senior government executives on enhancing information security programs as well as refining FISMA, and crafting information security legislation and policy.