How should agencies incorporate security into management of information resources?
Effective security is an essential element of all information systems. A process assuring adequate security must be integrated into the agency’s management of information resources. This process should be a component of the both capital planning process and the EA. A system’s security requirements must be supported by the agency EA in order for it to be considered during the select phase of the capital planning process. Agencies will use the control and evaluate phases of capital planning to ensure these security requirements are met throughout the system’s life cycle. For more information on computer security please read Appendix III of this Circular. Ultimately, who determines the acceptable level of security for a system? Each agency program official must understand the risk to systems under their control. They are also responsible for determining the acceptable level of risk, ensuring adequate security is maintained to support and assist the programs under their control, ensuring t
