The Canada Border Services Agency is a federal law enforcement agency that is responsible for border control, immigration enforcement, and customs services in Canada.
The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.
A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance has traditionally been explained by reference to the deterrence theory, according to which punishing a behavior will decrease the violations both by the wrongdoer and by others. This view has been supported by economic theory, which has framed punishment in terms of costs and has explained compliance in terms of a cost-benefit equilibrium. However, psychological research on motivation provides an alternative view: granting rewards or imposing fines for a certain behavior is a form of extrinsic motivation that weakens intrinsic motivation and ultimately undermines compliance.
The Homeland Security Act (HSA) of 2002, was introduced in the aftermath of the September 11 attacks and subsequent mailings of anthrax spores. The HSA was cosponsored by 118 members of Congress. The act passed the U.S. Senate by a vote of 90–9, with one Senator not voting. It was signed into law by President George W. Bush in November 2002.
A chief security officer (CSO) is an organization's most senior executive accountable for the development and oversight of policies and programs intended for the mitigation and/or reduction of compliance, operational, strategic, financial and reputational security risk strategies relating to the protection of people, intellectual assets and tangible property.
A chief information security officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance. The CISO is also responsible for protecting proprietary information and assets of the company, including the data of clients and consumers. CISO works with other executives to make sure the company is growing in a responsible and ethical manner.
The chief compliance officer (CCO) is a corporate executive within the C-suite responsible for overseeing and managing regulatory compliance issues within an organization. The CCO typically reports to the chief executive officer or the chief legal officer.
Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The core of ISM includes information risk management, a process that involves the assessment of the risks an organization must deal with in the management and protection of assets, as well as the dissemination of the risks to all appropriate stakeholders. This requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets. As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035 standards on information security.
The Office of Financial Institutions (OFI) is an agency of the United States federal government in the United States Department of the Treasury. OFI coordinates the department's efforts regarding financial institutions legislation and regulation, legislation affecting Federal agencies that regulate or insure financial institutions, and securities markets legislation and regulation. The office coordinates the department's efforts on financial education policy and ensuring the resiliency of the financial services sector in the wake of a terrorist attack.
Security level management (SLM) comprises a quality assurance system for electronic information security.
Information governance, or IG, is the overall strategy for information at an organization. Information governance balances the risk that information presents with the value that information provides. Information governance helps with legal compliance, operational transparency, and reducing expenditures associated with legal discovery. An organization can establish a consistent and logical framework for employees to handle data through their information governance policies and procedures. These policies guide proper behavior regarding how organizations and their employees handle information whether it is physically or electronically created (ESI).
The Department of Defense Whistleblower Program in the United States is a whistleblower protection program within the U.S. Department of Defense (DoD) whereby DoD personnel are trained on whistleblower rights. The Inspector General's commitment fulfills, in part, the federal mandate to protect whistleblowers. It also administers the Defense Intelligence Community Whistleblower Protection Program (DICWP), as a sub-mission for the intelligence community. The Inspector General's Defense Criminal Investigative Service also conducts criminal investigations which rely, in part, on Qui Tam relators.
Homeland Security Grant Program (HSGP) is a program in the United States established in 2003 and was designated to incorporate all projects that provide funding to local, state, and Federal government agencies by the Department of Homeland Security. The purpose of the grants is to purchase surveillance equipment, weapons, and advanced training for law enforcement personnel in order to heighten security. The HSGP helps fulfill one of the core missions of the Department of Homeland Security by enhancing the country's ability to prepare for, prevent, respond to and recover from potential attacks and other hazards. The HSGP is one of the main mechanisms in funding the creation and maintenance of national preparedness, which refers to the establishment of plans, procedures, policies, training, and equipment at the Federal, State, and local level that is needed to maximize the ability to prevent, respond to, and recover from major events such as terrorist attacks, major disasters, and other emergencies. The HSGP's creation stemmed from the consolidation of six original projects that were previously funded by the Office of State and Local Government Coordination and Preparedness. The HSGP now encompasses five projects in the program: State Homeland Security Program, Urban Areas Security Initiative, Operation Stonegarden, Metropolitan Medical Response System Program, and Citizen Corps Program. During the 2010 fiscal year, the Department of Homeland Security will spend $1,786,359,956 on the Homeland Security Grant Program.
IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.:
The Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) is a program of the United States government used to collect and share reports of suspicious activity by people in the United States. The Nationwide SAR Initiative (NSI) builds on what law enforcement and other agencies have been doing for years — gathering information regarding behaviors and incidents associated with criminal activity — but without the customary restrictions on collecting data on individuals in the absence of reasonable suspicion or probable cause. The program has established a standardized process whereby SARs can be shared among agencies to help detect and prevent terrorism-related criminal activity. This process is in direct response to the mandate to establish a "unified process for reporting, tracking, and accessing [SARs]" in a manner that rigorously protects the privacy and civil liberties of Americans, as called for in the 2007 National Strategy for Information Sharing (NSIS), which in turn was authorized by the Intelligence Reform and Terrorism Prevention Act of 2004. Reports of suspicious behavior noticed by local law enforcement or by private citizens are forwarded to state and major urban area fusion centers as well as DHS and the FBI for analysis. Sometimes this information is combined with other information to evaluate the suspicious activity in greater context. The program is primarily under the direction of the US Government & US Department of Justice.
The Information Sharing Environment (ISE) was established by the United States Intelligence Reform and Terrorism Prevention Act of 2004. Under Section 1016 of IRTPA, the Program Manager for the Information Sharing Environment (PM-ISE) was granted government wide authority to plan for, oversee the implementation of, and manage the ISE.
Privacy by design is an approach to systems engineering initially developed by Ann Cavoukian and formalized in a joint report on privacy-enhancing technologies by a joint team of the Information and Privacy Commissioner of Ontario (Canada), the Dutch Data Protection Authority, and the Netherlands Organisation for Applied Scientific Research in 1995. The privacy by design framework was published in 2009 and adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010. Privacy by design calls for privacy to be taken into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., taking human values into account in a well-defined manner throughout the process.
A Privacy Impact Assessment (PIA) is a process which assists organizations in identifying and managing the privacy risks arising from new projects, initiatives, systems, processes, strategies, policies, business relationships etc. It benefits various stakeholders, including the organization itself and the customers, in many ways. In the United States and Europe, policies have been issued to mandate and standardize privacy impact assessments.
The US Department of Commerce Office of Security is a division of the United States Department of Commerce (DOC) that works to provide security services for facilities of the department. Its aim is to provide policies, programs, and oversight as it collaborates with facility managers to mitigate terrorism risks to DOC personnel and facilities, program managers to mitigate espionage risks to DOC personnel, information, and facilities, and Department and Bureau leadership to increase emergency preparedness for DOC operations.
