http://www.gcn.com/24_33/opinion/37567-1.html By Thomas Blitz Special to GCN 11/21/05 Nothing focuses attention like a disaster. Whether natural or man-made, calamitous events this year have underscored the necessity of being prepared. Hurricane Katrina demonstrated the need for continuity of vital government services and what can happen if services are interrupted. Continuity of operations relies more than ever on enabling government employees and contractors to work from any location - whether that means remote work centers, office space provided by another agency, a contractor's site, or a hotel room or home. The critical ingredient for continuity-of-operations planning (COOP) is a telecommunications system and data network that enables secure, remote use of the same IT resources that would be accessed from the main office. Teleworking from any offsite location brings immediate and well-documented benefits to an organization. But the value of telework extends beyond simply giving employees work-life benefits or reducing operating costs. It also enables continuous vital government services during a state of social emergency. Public Law 106-346, Sec. 359, passed in 2000, directed all executive branch agencies to establish a telework policy. The Federal Emergency Management Agency (FEMA)'s Federal Preparedness Circular 65 for COOP includes alternate work facilities and interoperable communications as key elements for operational continuity. FEMA's June 15, 2004, update to FPC-65 requires agencies to "give consideration to other options, such as telecommuting locations, work-at-home, virtual offices, and joint or shared facilities." The director of the Office of Management and Budget reinforced that instruction in a memorandum June 30, 2005. To implement telework, agencies must use approved processes and best practices. This includes providing employees with adequate technology and training employees and managers how to do their work within the telework framework. There are many resources to help implement telework and secure business continuity. A standard source is the Interagency Telework Web site at www.telework.gov, which is jointly operated by the Office of Personnel Management and the General Services Administration. Another is "Exploring Telework as a Business Continuity Strategy: A Guide to Getting Started" from the Telework Advisory Group for WorldatWork (ITAC), available at: www.workingfromanywhere.org Security measures are also essential to enabling telework, especially when it involves remote use of IT applications and sensitive or confidential information. Disruption of IT-based services or improper use of information in the system from cyberattacks, or accidental loss or theft of a notebook or portable storage device, remain real concerns. Telework security is an extension of security for all federal information systems covered under the Federal Information Security Management Act of 2002. Here again, there are many resources available. FISMA directs the National Institute of Standards and Technology to handle technical details for cybersecurity ( www.nist.gov ) NIST publications categorize security standards (such as FIPS-199), provide guidelines (SP 800-60), and describe security controls (SP 800-53, soon to become FIPS-200). SP 800-53 is useful for specifying and purchasing security technologies and for its description of dozens of security controls for identification and authentication, access-control, audit and accountability, and system and communications protection. Telework security involves both electronic and physical security. Authentication and encryption technology, for example, does both - protecting information as it is electronically moved to and from remote teleworkers and protecting information on physical devices used to transport or compute information off-site. By implementing telework now, federal agencies can get immediate business benefits and establish practical means to ensure continuity of operations during an emergency. Thomas Blitz is president of Pointsec Mobile Technologies Inc., USA of Mokena, Ill. _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Sun Nov 20 2005 - 22:55:03 PST