Page 266 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
- Broadens CFAA to cover computer systems used in international commerce in addition to systems used in interstate commerce
- Extends similar protections to portions of the national infrastructure other than computing systems, such as railroads, gas pipelines, electric power grids, and telecommunications circuits
- Treats any intentional or reckless act that causes damage to critical portions of the national infrastructure as a felony
Federal Information Security Management Act
The Federal Information Security Management Act (FISMA), passed in 2002, requires that federal agencies implement an information security program that covers the agency’s operations. FISMA also requires that government agencies include the activities of contractors in their security management programs. FISMA repealed and replaced two earlier laws: the Computer Security Act of 1987 and the Government Information Security Reform Act of 2000.
The National Institute of Standards and Technology (NIST), responsible for developing the FISMA implementation guidelines, outlines the following elements of an effective information security program:
- Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization
- Policies and procedures that are based on risk assessments, cost-effectively reducing information security risks to an acceptable level and ensuring that information security is addressed throughout the lifecycle of each organizational information system
- Subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate
- Security awareness training to inform personnel (including contractors and other users of information systems that support