Whitepaper 03-04: IA Programs and Cost Control

Click here to download “DoD IA Programs and Cost Control” now!

An IA program provides the confidentiality, integrity, and availability required by DoD information systems.Human beings constitute the weakest link of any organization; the risk posed by even the most dangerous computer hacker is no worse than the damage that could be inflicted by a malicious insider, and errors and omissions still rank highest in overall damage levels. This paper analyzes how an IA program can also help to contain program costs and ensure project success.

IA programs must therefore be broad in scope, incorporating both personnel management and operational security (OPSEC). The POR’s proactive IA program has targeted several key areas to help it to achieve its mission cost-effectively, including the following:

• It has established strong OPSEC throughout the program.
• It has defined effective employment practices which helped it to create a qualified and motivated workforce.
• It has used Security Awareness Training (SAT) programs to inculcate that workforce with ethical decision-making skills.
• It has implemented a standards-based Risk Management (RM) process that continuously identifies, evaluates, and reduces risks to the POR’s organizational goals and objectives.

By adopting this same proactive stance and working hard to wring the maximum value possible from every Defense dollar, other DoD programs and projects can benefit from the RM and IA techniques advocated here to control costs while continuing to deliver on their mission.