[ISN] Another View: Telework and continuity plans go hand in hand

From: InfoSec News (isn@private)
Date: Sun Nov 20 2005 - 22:42:36 PST


http://www.gcn.com/24_33/opinion/37567-1.html

By Thomas Blitz 
Special to GCN
11/21/05

Nothing focuses attention like a disaster. Whether natural or
man-made, calamitous events this year have underscored the necessity
of being prepared. Hurricane Katrina demonstrated the need for
continuity of vital government services and what can happen if
services are interrupted.

Continuity of operations relies more than ever on enabling government
employees and contractors to work from any location - whether that
means remote work centers, office space provided by another agency, a
contractor's site, or a hotel room or home. The critical ingredient
for continuity-of-operations planning (COOP) is a telecommunications
system and data network that enables secure, remote use of the same IT
resources that would be accessed from the main office.

Teleworking from any offsite location brings immediate and
well-documented benefits to an organization. But the value of telework
extends beyond simply giving employees work-life benefits or reducing
operating costs. It also enables continuous vital government services
during a state of social emergency.

Public Law 106-346, Sec. 359, passed in 2000, directed all executive
branch agencies to establish a telework policy. The Federal Emergency
Management Agency (FEMA)'s Federal Preparedness Circular 65 for COOP
includes alternate work facilities and interoperable communications as
key elements for operational continuity. FEMA's June 15, 2004, update
to FPC-65 requires agencies to "give consideration to other options,
such as telecommuting locations, work-at-home, virtual offices, and
joint or shared facilities." The director of the Office of Management
and Budget reinforced that instruction in a memorandum June 30, 2005.

To implement telework, agencies must use approved processes and best
practices. This includes providing employees with adequate technology
and training employees and managers how to do their work within the
telework framework.

There are many resources to help implement telework and secure
business continuity. A standard source is the Interagency Telework Web
site at www.telework.gov, which is jointly operated by the Office of
Personnel Management and the General Services Administration. Another
is "Exploring Telework as a Business Continuity Strategy: A Guide to
Getting Started" from the Telework Advisory Group for WorldatWork
(ITAC), available at: www.workingfromanywhere.org

Security measures are also essential to enabling telework, especially
when it involves remote use of IT applications and sensitive or
confidential information. Disruption of IT-based services or improper
use of information in the system from cyberattacks, or accidental loss
or theft of a notebook or portable storage device, remain real
concerns. Telework security is an extension of security for all
federal information systems covered under the Federal Information
Security Management Act of 2002.

Here again, there are many resources available. FISMA directs the
National Institute of Standards and Technology to handle technical
details for cybersecurity ( www.nist.gov )

NIST publications categorize security standards (such as FIPS-199),
provide guidelines (SP 800-60), and describe security controls (SP
800-53, soon to become FIPS-200). SP 800-53 is useful for specifying
and purchasing security technologies and for its description of dozens
of security controls for identification and authentication,
access-control, audit and accountability, and system and
communications protection.

Telework security involves both electronic and physical security.  
Authentication and encryption technology, for example, does both -
protecting information as it is electronically moved to and from
remote teleworkers and protecting information on physical devices used
to transport or compute information off-site.

By implementing telework now, federal agencies can get immediate
business benefits and establish practical means to ensure continuity
of operations during an emergency.

Thomas Blitz is president of Pointsec Mobile Technologies Inc., USA of
Mokena, Ill.



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Sun Nov 20 2005 - 22:55:03 PST