Evaluation of the Current Policies and Procedures of the Information Technology System of the US Army


Executive summary


The U.S. Army has demanding responsibilities that it has to carry out in the most effective and efficient manner. The Army relies heavily on computerized systems to support its missions and to ensure that it achieves its objectives. To achieve its goals and mission, the US Army must have an information system that is effective and efficient. Information technology system controls in the Army affect the integrity, confidentiality and availability of control information.

As part of my audit of the 2006 report on the current policies and procedures of the information technology system in the US Army, I assessed the effectiveness of those policies and procedures. Information policies and procedures include the physical and logical access policies and procedures, configuration management, continuity of operations and segregation of duties.

Introduction

The U.S. Army has demanding responsibilities that it has to carry out in the most effective and efficient manner. The Army relies heavily on computerized systems to support its missions and to ensure that it achieves its objectives. To achieve its goals and mission, the US Army must have an information system that is effective and efficient. Information technology system controls in the Army affect the integrity, confidentiality and availability of control information.

As part of my audit of the 2006 report on the current policies and procedures of the information technology system (e-mail) in the US Army, I assessed the effectiveness of those policies and procedures. Information policies and procedures include the physical and logical access policies and procedures, configuration management, continuity of operations and segregation of duties. These policies and procedures are usually formulated to ensure that access to data is restricted, only authorized changes to computer programs are made, computer security duties are segregated, and recovery plans and backups are adequate, and they play a vital role in ensuring the continuity of vital operations. (David et al. 2002, page 44)

A material weakness is a significant deficiency, or a combination of significant deficiencies, that results in a more than remote likelihood that the procedures and policies the Army has formulated will not be of significant help.

Critiques of the policies and procedures in place

The current policies and procedures that the Army has put in place are facing many challenges. Some of these challenges (weaknesses) are:

The policy routinely gives users more access to the system – Cryptography underlies the mechanisms that are used to enforce the integrity and confidentiality of sensitive and critical information. Encryption is a basic element of cryptography. It can be used to provide integrity and basic confidentiality by transforming plaintext into ciphertext using a key and an algorithm. US Army policy requires all soldiers to use encryption when transferring information that is sensitive but not classified within the US Army.

The National Security Agency also encourages disabling protocols that do not encrypt data (information), such as password and user ID combinations, shared across the entire Army. The policy that the US Army is using has failed to ensure that sensitive information is adequately protected using encryption. Despite the fact that the Army has a formidable procedure for encrypting its entire information system, the Army's information technology department has failed to do so. (Andersen 1991, page 18)

The procedure for identifying and authenticating users is not being enforced properly – An IT system must be able to identify and differentiate its users in order to separate the activities of the different personnel who are using the system. When an organization assigns a user ID to a particular user, the system should be able to tell users apart by asking for something such as their password. Army policy requires all personnel to be assigned a strong password. The information technology department has failed to do this on several occasions. Several user accounts of Army personnel do not meet the password complexity or length required to resist hacking or guessing. Because the system allows weak passwords, a computer criminal can easily gain access to the Army's sensitive information. The Army's information technology system has failed on several occasions to ask for authentic user identification. (Andersen 1991, page 22)

Despite the adequacy of Army policies, the procedure for logging mainframe activity is not clear – The main aim of information technology security is to protect and improve information technology resources. An information technology security plan has to give an overview of the security requirements of the system and a vivid description of the policies that are in place to help meet those requirements. The Department of Justice requires all agencies to develop security system policies for general and major applications; the plans must also cover the procedures and policies for providing technical, operational and management controls. US Army policy states that the plans describing the security policy should be formulated, documented, enforced, reviewed annually and updated every two years in the event that there are significant changes in the information technology system. During the evaluation of the US Army IT system, the security plans that I evaluated documented the technical, management and operational controls that the Army had put in place at the time the plans were formulated. According to US Army officials, at the time of the evaluation they had enforced two of their six plans and were in the process of enforcing the remaining four. The two that they had enforced did not reflect the current working environment. They ought to have started with the other ones which they had left.

This is a reflection of the failure by the Army to provide its members with the training required to understand the risks of the information technology system, their role in enforcing the policies and ways of mitigating these risks. US Army policy requires that personnel dealing with the security of the information technology system meet the minimum continuing education hours for the roles they play. Army personnel dealing with the IT system are required to undergo a minimum of 8, 12 or 4 hours of training annually. Although the Army has tried to achieve this, it failed to ensure that all personnel dealing with IT security had adequate training. (Andersen 1991, page 44)

The policies of configuration management have not been fully implemented – Segregation of duties refers to the organizational procedures and policies that help control all aspects of IT and so prevent unauthorized access to the system. An organization can segregate duties by dividing them among its personnel. This reduces the likelihood of wrongful acts and errors going undetected, given that personnel will be checking each other's work. The Army has not segregated duties properly. Some of the information technology system duties that it has segregated are incompatible. A good example is that the Army has granted some of its personnel access to its IT system even though they do not need this system to perform their official duties. (Andersen 1991, page 50)

The weakness in physical security control has reduced the effectiveness of the policy and the procedure – Physical security control is important for protecting the information technology system from vandalism, theft, and deliberate or accidental sabotage. Physical controls play a major role in preventing or limiting anyone from accessing the system without hindrance. The US Army has not put strong physical controls in place; for example, the room where its servers are located can easily be accessed by its personnel. Not every member of the Army is honest, and some of them might take the information and use it for their own benefit, such as giving it to enemies or terrorists. (David 2005, page 33)

Possible solutions for improvement

To establish individual accountability and compliance with security policies, and to avoid violations of security, it is important to put in place a procedure that can determine who accessed the system, when, and for what purpose. The Army should do this by laying down a procedure that will help it determine the source of hacking. (David 2005, page 33)

The Army should continually update the policies and the procedures; this will ensure that the all. While updating the policies and the procedures, it needs to assess its current position in relation to changing technology. Assessing its current position will help it come up with guidelines.

The policy should make provision for training the Army personnel who are charged with the responsibility of maintaining the information technology system. This will help the personnel understand how sensitive their roles are in the Army, given that Army information is supposed to remain as confidential as possible. (David 2005, page 33)

The procedure for authenticating and identifying users should be enforced. If enforced, the system will grant access only to the personnel who are authorized to use it. This will bring down the number of hacking or unauthorized-access incidents currently being reported by the information technology department. (Norman et al. 1986, page 34)

Conclusion

For the US Army to come up with effective and efficient procedures, I recommend the following: it needs to update its policies and procedures constantly; while reviewing them, it should ensure that they are in line with changing technology; it should also ensure that the personnel working in the IT department receive adequate training so that they can stay on par with changing technology; and, last but not least, it should test its contingency plans. If this is put in place in the most effective and efficient way, hacking and leaking of confidential information in the Army will drastically reduce.

References

Andersen, F. 1991. Information Management by the Government. Prentice Hall, pages 8–56.

Crawford, M. 1993. New Office Etiquette. Macmillan, page 26.

David, P. 2005. Technological Advances & Security. Cambridge University Press, pages 21–98.

David, A. & Dasgupta, P. 2002. The Impact of Information Technology on the Management Security. Macmillan.

Jorgenson, W. 2007. Information Technology & the US Army. Elsevier, pages 21–78.

Neumann, P. 1996. Computer Related Risk. Addison Wesley, page 22.

Norman, D. & Draper, W. 1986. Cognitive Engineering. Erlbaum Associates, pages 28–37.

Ronald, R. 1992. Communication of Computer Science at MIT. Elsevier, page

 
