Understanding CJIS Compliance – Auditing and Accountability
Part 1, Part 2, Part 3, Part 4
In the previous blog we discussed the aspects of incident handling and how agencies should be ready in anticipating incidents and reporting them as soon as possible. In this blog we will understand various aspects of auditing and accountability. It is of vital importance that the individuals with access to Criminal Justice Information (CJI) should conform to prescribed protocols. Agencies, hence should exercise appropriate accountability and audit controls to ensure that the authorized users conform to the set rules and regulations. Agencies should also make an assessment of the inventory of the components that make up their information systems in order to determine which security controls are applicable on those components.
Read more: Understanding CJIS Compliance – Auditing and Accountability | DoubleHorn
Understanding CJIS Compliance – Incident Response
Part 1, Part 2, Part 3
In the previous blog on security awareness training we broadly discussed the various aspects that the agencies need to follow and awareness training that needs to be given to people who have access to Criminal Justice Information (CJI). In this blog, we will try to understand an agency’s response to various incidents that may occur. In the view of the increase in malicious attacks on agencies’ as well as government IT infrastructure, agencies require to secure information systems by establishing an incident handling capability that includes sufficient preparation, analysis, detection, recovery, user response and containment activities. The agencies should also ensure that there should be a mechanism to track, document and reports all the incidents to appropriate authorities or agency officials.
Understanding CJIS Compliance – Security Awareness Training.
In this blog, we will focus on the security awareness training required for personnel who access CJI. It is to be understood that the basic security awareness training is to be given to all the people who are accessing CJI data. This training is to be given within six months of initial assessment and also need to be trained once in every two years. A Special Intelligence Bureau (SIB) chief or a CJIS Systems Officer (SIB/CSO) would need to accept the documentation related to the completion of security training from another agency. Accepting the documentation from another agency means that the accepting agency assumes the risk that the training may not meet all the requirements needed by the federal, local or state laws.
Understanding CJIS Compliance – Information Exchange Agreements
In the previous blog, we saw an overview of what CJIS is and what are different policy areas and in this blog we will elaborate on the first policy area – Information Exchange Agreements.
Under the first policy area Information Exchange Agreements, it is mentioned that the information shared through communication mediums should be safely protected using appropriate security safeguards. Information exchanged can take many forms such as instant messages, electronic mail, hard copy, facsimile, web services and also information systems sending, receiving and storing CJI. It is to be noted that the agencies, before exchanging criminal justice information, should put formal agreements in place that specify the security controls. Information Exchange Agreements helps in understanding the roles, responsibilities and data ownership between agencies and other external parties.
Understanding CJIS Compliance – Information Exchange Agreements.
Here are five metrics that can help a digital marketer take these new shifts into consideration and better handle their daily bid management routine.
[Read More] 5 Digital Marketing Metrics That Matter.