An IA program provides the confidentiality, integrity, and availability required by DoD information systems. Human beings constitute the weakest link of any organization; the risk posed by even the most dangerous computer hacker is no worse than the damage that could be inflicted by a malicious insider, and errors and omissions still rank highest in overall damage levels. This paper analyzes how an IA program can also help to contain program costs and ensure project success.
IA programs must therefore be broad in scope, incorporating both personnel management and operational security (OPSEC). The POR’s proactive IA program has targeted several key areas to help it to achieve its mission cost-effectively, including the following:
- It has established strong OPSEC throughout the program.
- It has defined effective employment practices which helped it to create a qualified and motivated workforce.
- It has used Security Awareness Training (SAT) programs to inculcate that workforce with ethical decision-making skills.
- It has implemented a standards-based Risk Management (RM) process that continuously identifies, evaluates, and reduces risks to the POR’s organizational goals and objectives.
By adopting this same proactive stance and working hard to wring the maximum value possible from every Defense dollar, other DoD programs and projects can benefit from the RM and IA techniques advocated here to control costs while continuing to deliver on their mission.