Discuss FISMA Federal Information Security Management Act of

Discuss FISMA (Federal Information Security Management Act of 2002) and the Sarbanes-Oxley Act of 2002. Also, talk about their relevance to cybersecurity. Please help!!

Solution

Federal Information Security Management Act of 2002:

Major Relevant Provisions:

FISMA created a security framework for federal information systems, with an emphasis on risk management, and gave specific responsibilities to the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the heads, chief information officers (CIOs), chief information security officers (CISOs), and inspectors general (IGs) of federal agencies.

--> Required executive agencies to inventory major computer systems, identify and provide appropriate security protections, and develop, document, and implement agency-wide information security programs.
--> Gave OMB responsibility for overseeing federal information-security policy and evaluating agency information-security programs, but exempted national security systems, except with respect to enforcement of accountability for meeting requirements and reporting to Congress.
--> Revised the responsibilities of the Secretary of Commerce and NIST for information-system standards and transferred responsibility for promulgation of those standards from the Secretary of Commerce to OMB.
--> Required that NIST cybersecurity standards be complementary with those developed for national security systems, to the extent feasible.
--> Required heads of federal agencies to provide security protections commensurate with risk and to comply with applicable security standards. Specifically required agencies using national security systems to provide security protections commensurate with risk and in compliance with standards for such systems.
--> Required senior agency officials to perform risk assessments, to determine and implement necessary security controls in a cost-effective manner, and to evaluate those controls periodically.
--> Required designation of an information-security officer in each agency, security awareness training, processes for remedial action to address deficiencies, and procedures for handling security incidents and ensuring continuity of operations.

Cyber Security Research and Development:

Relevant Provisions:

--> Requires the National Science Foundation (NSF) to award grants for basic research to enhance computer security and for improving undergraduate and master's degree programs, doctoral research, and faculty development programs in computer and network security; and to establish multidisciplinary centers for research on computer and network security.
--> Requires NIST to establish programs to award postdoctoral and senior research fellowships in cybersecurity; to assist institutions of higher learning that partner with for-profit entities to perform cybersecurity research; to perform specified intramural cybersecurity research; and to develop a checklist of security settings for federal computer hardware and software for voluntary use by federal agencies.


Tutor: Dr Jack