e-Government Technical Security Controls Taxonomy for Information Assurance Contractors - A Relational Approach

dc.contributor.advisor: Skibniewski, Miroslaw J [en_US]
dc.contributor.author: Fofana, Momodu Idris [en_US]
dc.contributor.department: Civil Engineering [en_US]
dc.contributor.publisher: Digital Repository at the University of Maryland [en_US]
dc.contributor.publisher: University of Maryland (College Park, Md.) [en_US]
dc.description.abstract: When project managers consider risks that may affect a project, they rarely consider risks associated with the use of information systems. The Federal Information Security Management Act (FISMA) of 2002 recognizes the importance of information security to the economic and national security of the United States. The requirements of FISMA are addressed using the NIST Special Publication 800-53 Rev 3, which has improved the way organizations practice information assurance. The NIST SP 800-53 Rev 3 takes a hierarchical approach to information assurance, which has resulted in the duplication and subsequent withdrawal and merging of fifteen security controls. In addition, the security controls are not associated with the appropriate information systems. The current security assessment model often results in a waste of resources, since controls that are not applicable to an information system have to be addressed. This research developed and tested the value of using an information system breakdown structure (ISBS) model for identification of project information system resources. It also assessed the value of using an e-Government Relational Technical Security Controls Model for mapping the ISBS to the applicable relational technical security controls. A questionnaire containing ninety-five items was developed and emailed to twenty-four information security contractors, of which twenty-two efficiently completed questionnaires were received. The questionnaire assessed the value of using the ISBS, and the relationships of the e-Government Relational Technical Security Controls model. Literature review and industry experts' opinions were used to triangulate the research results and establish their validity. Cronbach's Alpha coefficient for the four sections of the questionnaire established its reliability.
The results of the research indicated that the ISBS model is an invaluable, customizable, living tool that should be used for identification of information system resources on projects. It can also be used for assigning responsibility for the different information systems and for security classification. The study also indicated that using the e-Government Relational Technical Security Controls provides a relational and fully integrated approach to information assurance while reducing the likelihood of duplicating security controls. This study could help project managers identify and mitigate risks associated with the use of information systems on projects. [en_US]
dc.subject.pqcontrolled: Information Technology [en_US]
dc.subject.pquncontrolled: information assurance [en_US]
dc.subject.pquncontrolled: information security [en_US]
dc.subject.pquncontrolled: NIST SP [en_US]
dc.subject.pquncontrolled: Security controls [en_US]
dc.subject.pquncontrolled: SP 800-53 [en_US]
dc.title: e-Government Technical Security Controls Taxonomy for Information Assurance Contractors - A Relational Approach [en_US]

