...Government Accountability Office Report to Congressional Committees June 2015 INSIDER THREATS DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems GAO-15-544 June 2015 INSIDER THREATS DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems Highlights of GAO-15-544, a report to congressional committees. Why GAO Did This Study What GAO Found Since 2010, the United States has suffered grave damage to national security and an increased risk to the lives of U.S. personnel due to unauthorized disclosures of classified information by individuals with authorized access to defense information systems. Congress and the President have issued requirements for structural reforms and a new program to address insider threats. The Department of Defense (DOD) components GAO selected for review have begun implementing insider-threat programs that incorporate the six minimum standards called for in Executive Order 13587 to protect classified information and systems. For example, the components have begun to provide insider-threat awareness training to all personnel with security clearances. In addition, the components have incorporated some of the actions associated with a framework of key elements that GAO developed from a White House report, an executive order, DOD guidance and reports, national security systems guidance, and leading practices recommended by the National...
Words: 17616 - Pages: 71
...structure, payment structure, and post-award contract monitoring and management. (“SARA Panel Draft Report,” 2006) In PBSA, the contractor is provided a Performance Work Statement (PWS) or a Statement of Objectives (SOO) in which the Government describes the end result. The contractor is also provided a Quality Assurance Surveillance Program (QASP) which specifies how and when the Government will assess the contractor’s performance of the tasks set forth in the PWS or SOO. (“Performance Based Service Acquisition,” 2009) In some cases, the contractor may be provided with the SOO and the contractor responds with a PWS and a QASP which is submitted for consideration in the development of the Government QASP. A Government-wide policy letter was issued by the Office of Federal Procurement (OFPP) in April 1991 directing maximum use of PBSA practices. It wasn’t until Fiscal Year 2001 that PBSA became a Presidential initiative in...
Words: 1429 - Pages: 6
...information that could be important to program funding and success. In the PPBE process, the Secretary of Defense establishes policies, strategy, and prioritized goals for the Department, which are subsequently used to guide resource allocation decisions that balance the guidance with fiscal constraints. The PPBE process consists of four distinct but overlapping phases: Planning. The planning phase of PPBE is a collaborative effort by the Office of the Secretary of Defense and the Joint Staff, in coordination with DoD components. It begins with a resource-informed articulation of national defense policies and military strategy known as the Guidance for the Development of the Force (GDF). The GDF is used to lead the overall planning process. This process results in fiscally constrained guidance and priorities - for military forces, modernization, readiness and sustainability, and supports business processes and infrastructure activities - for program development in a document known as the Joint Programming Guidance. The Joint Programming Guidance is the link between planning and programming, and it provides guidance to the DoD Components (military departments and defense agencies) for the development of their program proposals, known as the Program Objective Memorandum (POM). Programming. The programming phase begins with the development of a POM by each DoD Component. This development seeks to construct a balanced set of...
Words: 909 - Pages: 4
...UNCLASSIFIED NJF 22 Jan 15 POSITION PAPER Subj: REQUEST THE POSITION OF THE SECRETARY OF DEFENSE ON A UNIVERSAL COMBAT UNIFORM FOR ALL BRANCHES OF SERVICE Ref: (a) MCO P1020.34G (b) http://www.washingtonpost.com/world/national-security/why- camouflage-uniforms-arent-uniform/2012/10/03/0a7f4d6c-0ccc-11e2- a310-2363842b7057_story.html (c) www.gao.gov/assets/650/648976.txt 1. PROBLEM: The Department of Defense (DOD) is wasting billions of tax payer’s dollars of the budget allowing all of the military branches to develop unique combat uniforms for their own service. The Secretary of Defense should establish a universal combat uniform standard to reduce the misuse of authorized funds. 2. WHY REQUIRED: The amount of money that was spent developing the four branches of services specific uniforms since 2000 has cost the US taxpayer over eleven billion dollars in the last decade with ten different uniforms. This is money that could have been spent to ensure service members had the proper gear and equipment needed for protection in the global wars we have fought over the last decade. 3. BACKGROUND: a. Until 2002, all branches of service used the same type of uniform for their forces. It was not until the September 11th attacks that changed this thought and mindset. This has caused excessive amounts of money...
Words: 800 - Pages: 4
...Introduction The Department of Defense (DOD) has several departments within the agency that companies will need to work with in order to carry out the terms of their contracts. When considering technology specifically, the DOD has the following departments ready to assist companies: Information Assurance Support Environment, Defense Information Systems Agency, Defense Technology Security Administration, Defense Cyber Crime Center, Defense Technical Information Center, and possibly others that were not immediately obvious (U.S. Department of Defense, 2015). The Information Assurance Support Environment produces Security Technical Implementation Guides (STIGs) for various computer topics, which can be utilized by companies who wish to do business with the DOD. These guides serve as a baseline for the company in regards to the technology specifications they should have in place in order to lock down their systems and network to make them less vulnerable to malicious attacks (Defense Information Systems Agency, 2015). Among these STIGs is one written specifically for the Windows 8 / 8.1 operating system (Information Assurance Support Environment, 2015). This STIG outlines some of the changes made by Microsoft to Windows 8 / 8.1 as well as their recommendations for securing computers, which use that operating system. Tools Windows 8 / 8.1 comes with many tools built into it that allow for the administrator to use in order to do a security audit. A keyboard shortcut of pressing...
Words: 855 - Pages: 4
...Environmental Protection Agency Introduction Thе purpose of this paper is to review closely thе report entitled "EPA Needs to Improve Oversight of Its Information Technology Projects," with а major focus on its recommendations. In this paper, I will analyze different alternatives presented in thе report. I will also shed light on the Clinger-Cohen Act which directs that the Government Information Technology Shop be operated exactly as an efficient and profitable business would be operated. Acquisition, planning and management of technology must be treated as а "capital investment." Because this law is complex, all consumers of hardware and software in thе department should be aware of thе Chief Information Officer (CIO) leadership in implementing this statute. Clinger-Cohen Act Thе Clinger-Cohen Act was enacted as а response to а report released by U.S. Senator William S. Cohen of Maine in 1994 called "Computer Chaos: Billions Wasted Buying Federal Computer Systems." This report outlined thе many ways that the government squanders taxpayer funds on outmoded and unwanted computer equipment. Some of thе long-standing, systematic problems that thе Clinger-Cohen Act was enacted to resolve include: • Insufficient attention to thе way business processes are conducted and to opportunities to improve these processes before investing in thе Information Technology that supports them; • Investments in new systems for which agencies had not adequately planned and which did...
Words: 1181 - Pages: 5
...Management and Budget, Paperwork Reduction Project (0704-0188) Washington DC 20503. 1. AGENCY USE ONLY (Leave blank) 4. TITLE AND SUBTITLE 2. REPORT DATE December 2009 3. REPORT TYPE AND DATES COVERED Master’s Thesis 5. FUNDING NUMBERS Anthrax Vaccine as a Component of the Strategic National Stockpile: A Dilemma for Homeland Security 6. AUTHOR(S) Thomas L. Rempfer 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Naval Postgraduate School Monterey, CA 93943-5000 9. SPONSORING /MONITORING AGENCY NAME(S) AND ADDRESS(ES) N/A 8. PERFORMING ORGANIZATION REPORT NUMBER 10. SPONSORING/MONITORING AGENCY REPORT NUMBER 11. SUPPLEMENTARY NOTES The views expressed in this thesis are those of the author and do not reflect the official policy or position of the Department of Defense or the U.S. Government. 12a. DISTRIBUTION / AVAILABILITY STATEMENT 12b....
Words: 3672 - Pages: 15
... 2.2.7 Content Security Checking 10 2.2.8 Intrusion and Misuse Deterrence System (IMDS) 11 2.3 Demilitarized Zone (DMZ) 11 2.4 Computing Environment 11 2.4.1 Operating System (OS) Security 12 2.4.2 Host-based IDS 12 2.4.3 Content Security Checking 13 2.5 Application Security 13 2.5.1 World Wide Web (WWW) Applications 13 2.5.2 E-mail Systems 15 2.5.3 Mobile Code 15 2.5.4 Database Applications 17 2.5.5 Domain Name Service (DNS) 17 2.6 Personal Digital Assistants (PDAs) 18 3. VULNERABILITY ASSESSMENTS 21 4. INFORMATION ASSURANCE VULNERABILITY ALERT (IAVA) PROCESS 23 5. SOFTWARE DEVELOPMENT GUIDANCE 25 5.1 Purpose 25 5.2 Recommendations 25 5.3 Protocols 25 5.4 Operating Systems (OSs) 25 5.5 Encryption 26 5.6 General Considerations 26 5.7 Software Development References 26 5.7.1 Microsoft Windows NT OS 27 5.7.2 UNIX OS 27 6. DISA ENCLAVE SECURITY IMPLEMENTATION DESCRIPTION AND EXTENSION REQUIREMENTS 29 6.1 Guidance 29...
Words: 19685 - Pages: 79
...SECR 6000 Research Study – Time to update the DoD Personnel Security regulation Submitted by R. Allen Green Prepared for Dr. Beth Vivaldi SECR 6000 Security Management Fall II, 2012 Webster University December 12, 2012 CERTIFICATE OF AUTHORSHIP: I certify that I am the author. I have cited all sources from which I used data, ideas, or words, either quoted directly or paraphrased. I also certify that this paper was prepared by me specifically for this course. TABLE OF CONTENTS Cover Page……...…………………………………………………………………………………1 Table of Contents…………....…………………………………………………………………….2 Definitions and Terms…………………………………………………………………………......4 Chapter 1 – Introduction…………………………………………………………….…………….6 Background………………………………………………………………………………..6 Statement of the Problem………………………………………………………………….8 Purpose of the Study…………………………………………………………………..…10 Research Question(s)………………………………………………………………...…..10 Chapter 2 – Literature Review………………………………………………………………...…11 Legal and Ethical Issues in Security……………………………………………………..11 Security Administration and Management………………………………………………14 Business Asset Protection………………………………………………………………..16 Emergency Planning………………………………………………………………......…17 Information System Security……………………………………………………….……18 Behavior Issues……………………………………………………………………..……20 Chapter 3 – Methodology…………...………………………………………………………..….23 Research Design………………………………………………………………………….23 Data collection…………………………………………………………………...25 Data Analysis……………………………………………………………………...
Words: 7232 - Pages: 29
...Leading Change: A Plan for SAMHSA’s Roles and Actions Strategic Initiative #3: Military Families Lead: Kathryn Power, Director, Center for Mental Health Services Key Facts • Approximately 18.5 percent of service members returning from Iraq or Afghanistan have post traumatic stress disorder (PTSD) or depression, and 19.5 percent report experiencing a traumatic brain injury (TBI) during deployment.48 Approximately 50 percent of returning service members who need treatment for mental health conditions seek it, but only slightly more than half who receive treatment receive adequate care.49 The Army suicide rate reached an all-time high in June 2010.50 In the 5 years from 2005 to 2009, more than 1,100 members of the Armed Forces took their own lives, an average of 1 suicide every 36 hours.51 In 2010, the Army’s suicide rate among active-duty soldiers dropped slightly (162 in 2009; 156 in 2010), but the number of suicides in the National Guard and Reserve increased by 55 percent (80 in 2009; 145 in 2010).52 More than half of the Army National Guard members who killed themselves in 2010 had never deployed.53 In 2007, 8 percent of soldiers in Afghanistan reported using alcohol during deployment, and 1.4 percent reported using illegal drugs/substances.54 Between 2004 and 2006, 7.1 percent of U.S. veterans met the criteria for a substance use disorder.55 Mental and substance use disorders caused more hospitalizations among U.S. troops in 2009 than any other cause.56 According to an...
Words: 3477 - Pages: 14
...caps on discretionary spending through 2021, as an attempt to reduce the national deficit by more than $2.5 trillion. In 2011, Congress passed a law saying that if the parties cannot agree on methods to cut spending, about $1 trillion in automatic, arbitrary cuts would begin in 2013 (whitehouse.gov). The proposed cuts include a fixed 2% per year decrease of Medicare, cutting non-defense spending such as education by 7.8% in 2013 to 5.5% in 2021, and reducing defense spending to a total of $454 billion (Congressional Budget Office). In FY 2013, military spending accounted for 56.94% of discretionary spending (City Data). That astoundingly large fraction, coupled with the current administration’s shift towards a more hands-off foreign policy, and a survey that shows that 37% of Americans think the government is spending too much on defense, has unsurprisingly steered the government towards attempting to reviewing national defense spending (Gallup). There are 2 notable sub-divisions within the Department of Defense’s spending. Firstly, there is the Discretionary Base Budget, which includes costs such as personnel and operation fees, research, weapons procurement, and family housing, Secondly, there is the Discretionary Cap Adjustment, which...
Words: 1338 - Pages: 6
...Emerging Cybersecurity Policies in the Federal Government Information Assurance Officer and Risk Management Analyst Department of Defense. Emerging Cybersecurity Policies in the Federal Government Information Assurance Officer and Risk Management Analyst Department of Defense. CSEC 655 UMUC Individual Assignment 1 September 16, 2014 CSEC 655 UMUC Individual Assignment 1 September 16, 2014 Table of Contents Emerging Cybersecurity Policies in the Federal Government 3 Emerging Policies and Practices 4 Defense in Depth (DID) 5 Security Risk Frameworks 6 Test Driven Development 8 Business Service Frameworks 9 Acceptance and Preparation for Failure 11 The Federal Government and these Emerging Policies and Practices 13 The Feds and Defense in Depth 14 The Feds and Security Risk Frameworks 14 The Feds and Test Driven Development 16 The Feds and Business Service Frameworks 17 The Feds and Acceptance and Preparation for Failure 19 How could the Feds continue to improve 20 References 22 Emerging Cybersecurity Policies in the Federal Government One of the largest and most important enterprises there is to protect in the cyber security realm are the various networks that make up the federal government. This massive undertaking to secure the systems, networks, and data of the various governmental agencies is a never ending uphill battle. The requirements of the federal government enterprise to be globally far reaching, as well...
Words: 6354 - Pages: 26
...* Skip to section navigation * Skip to page content OBJECTIVE ANALYSIS. EFFECTIVE SOLUTIONS. Site-wide navigation * About * Support RAND * Newsroom * Events * RESEARCH * LATEST INSIGHTS * POLICY EXPERTS * CAPABILITIES * GRADUATE SCHOOL * 中文(简体) * Sign In ------------------------------------------------- Top of Form Bottom of Form RAND > Published Research > Research Briefs > RB-9336 > Invisible Wounds Mental Health and Cognitive Care Needs of America’s Returning Veterans RESEARCHHIGHLIGHTS View the print-friendly version: PDF (0.2 MB) Key findings: * Approximately 18.5 percent of U.S. servicemembers who have returned from Afghanistan and Iraq currently have post-traumatic stress disorder or depression; and 19.5 percent report experiencing a traumatic brain injury during deployment. * Roughly half of those who need treatment for these conditions seek it, but only slightly more than half who receive treatment get minimally adequate care. * Improving access to high-quality care(i.e., treatment supported by scientific evidence) can be cost-effective and improve recovery rates. | Since October 2001, approximately 1.64 million U.S. troops have deployed to support operations in Afghanistan and Iraq. Many have been exposed for prolonged periods to combat-related stress or traumatic events. Safeguarding the mental health of these servicemembers and veterans is an important part of ensuring the future readiness...
Words: 3008 - Pages: 13
...Introduction of the purpose and importance of risk management Risk management planning is a critical and often overlooked process on every project. Allowing for the proper amount of risk planning in your project schedule can mean the difference between project success and project failure when those potential risks become real issues. The plan is only the output of the process. It details how the process will be implemented, monitored, and controlled through the life of this project. It details how the group will manage risks but doesn’t attempt to define the responses to individual risks. Risks come about for many reasons, some are internal to the project, and some are external such as but not limited to the project environment, the management process, planning process, inadequate resources, and other unforseen instances that can contribute to risk. Risks associated with the project generally concern the objectives, which turn to impact time, cost, or quality, or combination of those three things. Risk management provides assurance that an organization can create and implement an effective plan to prevent losses or reduce the impact if the a loss occurs. A good plan includes strategies and techniques for recognizing and confronting the threats, solutions for both preventing and solving the situation and indicates financial opportunities. An effective risk management practice does not terminate risks. However, an effective and operational risk management practice demonstrates...
Words: 3711 - Pages: 15
...HRM592 Project – Final Background The Office of Inspector General (OIG) is an organization within the Department of Defense (DoD) with the mission to provide independent, relevant, and timely oversight that supports the warfighter and the American taxpayer by promoting accountability, integrity, and efficiency. In addition, the organization provides information to the Secretary of Defense, Congress, and the public. I am an employee in the Learning Office so that is my reason for selecting this organization for my project. In accordance with Title 5 410.201, federal agencies are required to develop training plans and programs that support a workforce capable of achieving an agency’s mission and performance goals. DoD OIG’s strategic plan goal 3.l.2 is to identify core skill requirements for each position and identify/develop training to provide opportunities for staff to attain necessary core skill. An enterprise-wide competency and training needs analysis questionnaire will assist the organization in meeting the needs of both Title 5 401.201 and strategic plan goal 3.1.2. The development of a core competency model will provide an integrated approach for supporting the mission, goals, and strategies of the organization. A core competency model will assist with establishing succession management, aligning training and development to skill gaps, and planning for future workforce needs. The identified core and technical competency models will be used to leverage...
Words: 2812 - Pages: 12
