Information Assurance (IT Security & Privacy) Program
The Department of the Interior has ongoing efforts to protect its information and information system resources. The first Departmental computer security policy was issued in May 1980. Since that time, information technology has undergone significant changes. The Department's dependence on information technology to support its mission has led to extensive growth in the number and types of computer systems throughout the Department. As a result, the focus on information security in the Department has increased.
The Department created its first full-time computer security position on August 15, 1988, because of increased Departmental awareness of potential security threats. The Department continuously works towards improving its information security program and policies.
The Department’s Chief Information Officer (CIO) is responsible for providing policy, guidance, advice and oversight for information security and also serves as the Senior Agency Official for Privacy (SAOP). The Department’s Chief Information Security Officer (CISO), who serves as the senior agency information security officer, supports the CIO in carrying out responsibilities specified by the Federal Information Security Management Act (FISMA) as delegated by the Secretary of the Interior. Those responsibilities include developing and maintaining the Department’s overall information assurance (IT security and privacy) program and assisting in ensuring agency compliance with the requirements of FISMA, the Privacy Act, and related policies, procedures, standards, and guidelines.
Designated senior agency officials, serving as Authorizing Officials for information systems within each bureau and office, are responsible for the security and protection of information and information systems entrusted to their care. Each bureau and office appoints a Bureau Chief Information Security Officer (BCISO) to serve as the focal point for information security matters and to coordinate information security program requirements with the Department. The Department’s Privacy Officer reports to the CISO and supports the CIO in carrying out responsibilities specified by the Privacy Act. Each bureau and office also appoints a Privacy Officer to serve as the focal point for Privacy program matters and to coordinate associated requirements with the Department.
Departmental policy requires managers and users, including contractors, at all levels to be responsible and accountable for protecting the information resources they utilize. Departmental policy also places emphasis on risk management, contingency planning, and awareness training.
DOI will safeguard its information systems through the implementation of the DOI Information Assurance Program, which will accomplish the following:
Information Technology Security Team
The Department established the IT Security Team (ITST) in January 2002. The Team's mission is to help ensure the successful implementation of the Office of Management and Budget (OMB) Circular A-130, Appendix III. The ITST is chaired by the CISO with membership comprised of BCISOs and representatives from the Inspector General's office. The team works on issues relating to information security such as policy, procedures and reporting to oversight agencies.
Training and Awareness
Awareness training plays an important role in achieving the Department's goal for information security and privacy. Annual information security and privacy awareness training is provided to all DOI employees and others who have access to DOI information systems. The training objectives are to enhance awareness of the threats to, and vulnerabilities of, information systems, and to encourage the use of good information security practices within the Department.