Information Security and Risk Management Program for Arctic Sciences
NSF's Arctic Sciences (ARC) has established an Information Security and Risk Management Program to protect the confidentiality, integrity, and availability of information supporting and generated by scientific research. This initiative is designed to manage Information Technology (IT) risk to better secure information and systems and empower well-informed risk management decisions.
The IT security arm of the U.S. Navy known as the Space and Naval Warfare Systems Command (SPAWAR) worked with the Division of Arctic Sciences through an effort entitled "SPAWAR Office of Polar Programs" (SOPP), which serves as the Arctic Information Security Team. SOPP provides information security strategic and programmatic support, privacy support, security assessment and authorization, continuous monitoring, and risk management of Federal IT assets and support services on behalf of Arctic Sciences programs. In 2012 the Arctic Information Security Team visited arctic sites and worked with arctic IT service providers and users to assess the current state of IT and IT security, and plan approaches for addressing identified risks.
The SOPP facilitates the Arctic Sciences Information Assurance Working Group (IAWG). The IAWG is comprised of individuals representing key partners, contractors, and IT service providers supported by ARC. This group serves to represent and inform the arctic research and support communities regarding information assurance efforts and ongoing risk management plans and guidelines.
The IAWG was formed to ensure that Information Security requirements are tailored to arctic operational program needs and that processes, policies, and procedures are applied consistently. The IAWG provides vital input to strategies for reducing the overall Arctic Program risk by contributing to:
- Information Security policies and procedures appropriate for ARC
- ARC IT strategy
- Management of risks to ARC operations
- ARC success when audited by the NSF Chief Information Officer (CIO) and the Federal Office of the Inspector General (OIG)
For more information on the Arctic Information Security Program please refer to the first edition of the Arctic Sciences Program Information Security 101 Newsletter, available on NSF's Arctic Research Support and Logistics website: http://www.nsf.gov/od/opp/arctic/res_log_sup.jsp.