Information Security and Risk Management Program for Arctic Sciences
Witness the Arctic provides information on current arctic research efforts and findings, significant research initiatives, national policy affecting arctic research, international activities, and profiles of institutions with major arctic research efforts. Witness serves an audience of arctic scientists, educators, agency personnel, and policy makers. Witness was published biannually in hardcopy from 1995-2008 (archives are available below) and is currently published online 3-4 times annually, depending on newsworthy events.
With the Spring 2009 issue, ARCUS changed the format of Witness the Arctic. To provide more frequent updates and reduce printing and mailing costs and associated environmental impacts, the newsletter is now distributed online in three or four shorter issues per year, depending on newsworthy events.
NSF's Arctic Sciences (ARC) has established an Information Security and Risk Management Program to protect the confidentiality, integrity, and availability of information supporting and generated by scientific research. This initiative is designed to manage Information Technology (IT) risk to better secure information and systems and empower well-informed risk management decisions.
The IT security arm of the U.S. Navy known as the Space and Naval Warfare Systems Command (SPAWAR) worked with the Division of Arctic Sciences through an effort entitled "SPAWAR Office of Polar Programs" (SOPP), which serves as the Arctic Information Security Team. SOPP provides information security strategic and programmatic support, privacy support, security assessment and authorization, continuous monitoring, and risk management of Federal IT assets and support services on behalf of Arctic Sciences programs. In 2012 the Arctic Information Security Team visited arctic sites and worked with arctic IT service providers and users to assess the current state of IT and IT security, and plan approaches for addressing identified risks.
The SOPP facilitates the Arctic Sciences Information Assurance Working Group (IAWG). The IAWG is comprised of individuals representing key partners, contractors, and IT service providers supported by ARC. This group serves to represent and inform the arctic research and support communities regarding information assurance efforts and ongoing risk management plans and guidelines.
The IAWG was formed to ensure that Information Security requirements are tailored to arctic operational program needs and that processes, policies, and procedures are applied consistently. The IAWG provides vital input to strategies for reducing the overall Arctic Program risk by contributing to:
- Information Security policies and procedures appropriate for ARC
- ARC IT strategy
- Management of risks to ARC operations
- ARC success when audited by the NSF Chief Information Officer (CIO) and the Federal Office of the Inspector General (OIG)
For more information on the Arctic Information Security Program please refer to the first edition of the Arctic Sciences Program Information Security 101 Newsletter, available on NSF's Arctic Research Support and Logistics website: http://www.nsf.gov/od/opp/arctic/res_log_sup.jsp.