Home
 Vendors
 Publications
 Ceritfications
 Associations
 IT Strategy Center
 Open Directory
 Other
Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Regulatory Resource / Sectors

Maintaining Information Integrity in E-Government

By Stacey McDaniel

The E-Government Act, signed into law by President Bush in December 2002, consists of 24 initiatives that cut across many federal agencies and reflect partnerships with state and local governments. E-Government (E-Gov) is intended to make the government more citizen-centered and results-oriented through the use of technology.

The 24 initiatives were modeled after similar efforts in the private sector - in effect, taking commercial best practices and applying them to government operations. The result is the Federal Enterprise Architecture (FEA), a business-based framework that provides reference models for agencies as they make IT investments and other related improvements.

E-Gov calls for cross-functional IT and Web platforms to eliminate redundant IT spending. But unifying and simplifying the maze of existing government networks has been no small task. Historically, federal agencies have operated autonomously, with IT systems that followed suit. Not surprisingly, achieving the integration that E-Gov promotes has not come easily.

In the two years since E-Gov became law, however, federal agencies have made significant progress. A scorecard released in July by the Office of Management and Budget (the agency charged with overseeing E-Gov) showed that federal agencies made more progress expanding E-Gov in the second quarter of 2004 than in previous quarters. But as E-Gov continues to grow, what can the government do to ensure that the IT infrastructure at the heart of it is resilient and secure? The question is important because when technology is adopted rapidly, security considerations are sometimes neglected. What follows is a new approach to information management that can help E-Gov continue to mature in a secure manner.

Information sharing conundrum

How government agencies protect, manage, and put their information to work is the key to the success of E-Gov. An important component of E-Gov is information sharing -- making relevant information available to other agencies and to the public when necessary. Of course, increasing the availability of information also increases the risks to it. The federal government can't allow its information to be both 100 percent available and 100 percent secure. Instead, government needs to define and maintain an appropriate balance.

But achieving this balance between information availability and security has proven to be a complex and contentious IT challenge. On the one hand, IT departments have pursued information availability, using tools to make information accessible to the ends of the earth in support of companies' business goals. Security groups, on the other hand, work diligently to provide information security -- to make information inaccessible except to the people who need it.

A well balanced approach to information availability and security is one in which information is kept safe, yet is accessible wherever, whenever, and to whomever the business needs dictate. It's an approach that can help keep government agencies up, running, and growing -- no matter what happens.

Building a resilient infrastructure

So how does this approach to available and secure information allow government agencies to maximize security and availability? The short answer: by providing them with a resilient infrastructure.  A resilient infrastructure recognizes that information security and information availability are much more effective when addressed in tandem. This means that IT and security groups use the same tools, speak the same language, and work from the same base of information. It means the blame game stops.

Specifically, a resilient infrastructure combines advanced administration tools -- patch management, provisioning, installation design, license and asset monitoring, backup, recovery, and reporting -- with expertise in early warning systems, intrusion detection, firewall, virus protection, content filtering, compliance assessment, vulnerability assessment, and VPN.  The result is an agency that is better able to understand, act, and control its environment.

  • Understand means knowing what you need to know about your information environment, both inside and outside your organization. It means being aware of electronic threats emerging anywhere in the world before they reach your organization. It's about identifying possible regulatory compliance issues, assessing the effectiveness of security and administration tools, and constantly monitoring the status of hardware, software, information, and other network assets throughout your enterprise.

  • Act is about responding successfully to both vulnerabilities and new business needs. It's securing devices, applications, and networks against threats before they happen. It's taking steps to be sure information is up-to-date, compliant, and restorable. It's confidently integrating new technologies -- such as wireless devices -- to extend your competitive advantage.

  • Control is about managing information resources to prevent disruptions and minimize downtime. That means provisioning new applications, managing software patches, and taking other steps to keep your enterprise up, running, and growing.

Addressing today's business challenges

This approach to information security and availability also helps government agencies to take a proactive approach to Federal Information Security Management Act (FISMA) compliance. FISMA requires every federal agency, as well as any organization whose information system possesses or makes use of federal information, to develop, document, and implement an agency-wide risk-based information security program. FISMA also requires periodic testing and evaluation of the effectiveness of the information security policies, procedures, and practices. This means policy, process management, monitoring, audit, documentation, and reporting solutions that can ensure accountability, transparency, and compliance should be in place.

Conclusion

Allowing information to flow freely and securely will be the key to the success of E-Gov. Federal agencies will then be in a position to confidently deploy and use information while driving innovation, lowering costs, and increasing citizen satisfaction, all the while keeping federal agencies up, running, and growing -- no matter what happens.

Stacey McDaniel has been writing about high-tech issues for more than six years.

IT Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Sectors
Law
Tactics
Related Content

Features

View More


Metrics

View More

Fast Fact

"Federal agencies did a better job of expanding E-Gov in the second quarter of 2004 compared to previous quarters."

--Office of Management and Budget
Sponsor Tools

Resources

White Papers

View More


Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


Cyberthieves Turning to More Invasive Approaches
Playtime: 8 min 53 sec



Download | Subscribe

Copyright © 2008 Studio One Networks. All rights reserved.