Federal Information Security management Act (FISMA) is an act of the federal government which is tasked with ensuring that information security and their management is complied with. They ensure that the Nation Institute of Standards and Technology (NIST). FISMA was introduced in 2002 and was meant to ensure new technologies standards were secured. Their role was to ensure that the functional controls that were defined by NIST were complied with. This way, FISMA improved the security in technology and more so the cyber security. There has been a diverse collection of security products and FISMA has been struggling to manage all these products as a single system.
FISMA plays an important role in controlling and mitigating cyber security. This is because they ensure that there is a periodic assessment of risks that includes checking the magnitude of harm that could be caused as a result of unauthorized access, use and disclosure of sensitive information. This is a vital role in cyber security as new security issues emerge every day. There is therefore a need to assess these security issues in a continuous basis.
FISMA has a role in cyber security as they make sure organizations have plans to provide security for networks, facilities and information systems. This should be a continuous undertaking that should be carried out by information systems. They also ensure that organizations have training for staff concerning security associated with their activities in that organization. This way, they ensure that the people take caution on the use of information systems in an organization. They also undertake testing of information systems to see if they are secure. With this task, they ensure that the security plans are working and are up to date in the organizations in which they are implemented.
FSMA is therefore important and relevant to cyber security as they help to make the security officials of organizations be aware of the status of the security in their organizations.
References
Allen, J. (2003). The ultimate guide to system security. Boston: Madison-Wesley.
Dhillon, G. (2007). Information systems security and principles. New York: John Wiley & Sons.
Kim, D., & Solomon, M. (2010). Fundamentals of information systems security. Texas: Jones & Bartlett Learning.
Matt, C. (1997). Introduction to Network security. New York: Wiley.
Pfleeger, C., & Pfleeger, S. (2003). Security in computing. London: Prentice Hall Professional.
Swaminatha, T. M., & Elden, C. R. (2003). Wireless security and privacy: Best practices and design techniques. New York: Addison-Wesley Professional.
