"An Introduction to Computer Security: The NIST Handbook," Special Publication 800-12 (December 1995); "Generally Accepted Principles and Practices for Securing Information Technology Systems," Special Publication 800-14 (September 1996); and "Guide for Developing Security Plans for Information Technology Systems," Special Publication 800-18 (December 1998). More recently, the General Accounting Office published "Information Security Risk Assessment: Practices of Leading Organizations," GAO/AIMD-00-33 (November 1999) (Available at ). This document is intended to help Federal managers implement an ongoing information security risk analysis process by suggesting practical procedures that have been successfully adopted by organizations known for their good risk analysis practices. This document describes various models and methods for analyzing risk, and identifies factors that are important in a risk analysis.
In light of all the above comments, we have added greater detail to the practicability aspects of the guidance, and an expanded discussion of cost-benefit analysis and its relation to risk analysis. We have also placed additional emphasis on the need for risk analyses to identify and address the full range of risks, including reasonably expected legal and enforcement risks, and technological risks. Further, we included a reporting mechanism in Part I Section 3 to facilitate the assessment of practicability. Although many of the comments concern the costs and risks of changing to electronic transactions, it is also important to consider the full range of benefits that electronic transactions can provide. Possible benefits include: increased partner participation and customer satisfaction; reduced transaction costs and increased transaction speed; improved record keeping and new opportunities for analysis of information; and greater employee productivity and enhanced quality of their output. An agency's consideration of risks needs to be balanced with a full consideration of benefits.
We do not believe it would be appropriate to endorse one technology, and we share the concerns of those commenters who argued against such an endorsement. At the same time, we recognize that cryptographically-based digital signatures (i.e., public key technology) hold great promise for ensuring both authentication and privacy in networked interactions, and may be the only technology available that can foster interoperability across numerous applications. There are, however, applications where personal identification numbers (PINs) and other shared secret techniques may well be appropriate. These are generally relatively low risk applications where interoperability is of lesser importance. A number of agencies have successfully used PINs in groundbreaking applications, particularly the Securities and Exchange Commission for regulatory filings and the Internal Revenue Service for tax filings. They have recognized the benefits of using PINs, but at the same time they are planning for an eventual transfer to digital signatures.
not inappropriately favoring one industry or technology;
ensuring that electronic signatures are as reliable as appropriate for the purpose in question;
maximizing the benefits and minimizing the risks and other costs;
protecting the privacy of transaction partners and third parties that have information contained in the transaction;
ensuring that agencies comply with their recordkeeping responsibilities under the FRA for these electronic records. Electronic record keeping systems reliably preserve the information submitted, as required by the Federal Records Act and implementing regulations; and
providing, wherever appropriate, for the electronic acknowledgment of electronic filings that are successfully submitted.

Section 2. What GPEA procedures should agencies follow?

Benefits from moving to electronic transactions and electronic signatures include reduction in transaction costs for the agency and the transaction partner. Transactions are quicker and it is often easier to access information related to the transaction because it is in electronic form. The electronic form often allows more effective data analysis because the information is easier to access. Better data analysis often improves the operation of the newly electronic transaction. In addition, if many transactions are electronic and data analysis can be done across transactions, the benefits can spill over into the rest of the agency as operational awareness of the entire organization is improved. Moreover, business process reengineering should accompany all attempts to facilitate a transaction through information technology. Often the full benefits will be realized only by restructuring the process to take advantage of the technology. Merely moving an existing paper-based process to an electronic one is unlikely to reap the maximum benefits from the electronic system.
(2) While digital signatures (i.e. public key/private key) are generally the most certain method for assuring identity electronically, the policy documents must be established carefully to achieve the desired strength of binding. The framework must identify how well the signer's identity is bound to his or her public key in a digital certificate (identity proofing). The strength of this binding depends on the assumption that only the owner has sole possession of the unique private key used to make signatures that are validated with the public key. The strength of this binding also reflects whether the private key is placed on a highly secure hardware token, such as a smart card, or is encapsulated in software only; and how difficult it is for a malefactor to deduce the private key using cryptographic methods (which depends upon the key length and the cryptographic strength of the key-generating algorithm).
It is also important to establish that the user of the digital signature or PIN/password is fully aware of obligations he or she is agreeing to by signing at the time of signature. This can be ensured by programming appropriate ceremonial banners into the software application that alert the individual of the gravity of the action she is about to undertake. The presence of such banners can later be used to demonstrate to a court that the user was fully informed of and aware of what he or she was signing.
Carefully control access to the electronic data, after receipt, yet make it available in a meaningful and timely fashion. Security measures should be in place that ensure that no one is able to alter a transaction, or substitute something in its place, once it has been received by the agency unless the alteration is a valid correction contained in an electronically certified re-transmission. This can be achieved with a digital signature because it binds the identity of the individual making the signature to the entire document, so any subsequent change would be detected. Thus, the receiving agency needs to take prudent steps to control access to the electronic transaction through such methods as limiting access to the computer database containing the transaction, and performing processing with the data using copies of the transaction rather than the original. The information may be needed for audits, disputes, or court cases many years after the transaction itself took place. Agencies should make plans for storing data and providing meaningful and timely access to it for as long as such access will be necessary.
Please be sure to carefully read and follow the form filing instructions. Form fees, eligibility requirements, fee waiver eligibility, required documents, and mailing addresses vary depending on the form you are filing and why you are filing it. These tips will help ensure we accept your application, petition, or request package for processing.
75. We cannot ignore the fact that in cities human trafficking, the narcotics trade, the abuse and exploitation of minors, the abandonment of the elderly and infirm, and various forms of corruption and criminal activity take place. At the same time, what could be significant places of encounter and solidarity often become places of isolation and mutual distrust. Houses and neighbourhoods are more often built to isolate and protect than to connect and integrate. The proclamation of the Gospel will be a basis for restoring the dignity of human life in these contexts, for Jesus desires to pour out an abundance of life upon our cities (cf. Jn 10:10). The unified and complete sense of human life that the Gospel proposes is the best remedy for the ills of our cities, even though we have to realize that a uniform and rigid program of evangelization is not suited to this complex reality. But to live our human life to the fullest and to meet every challenge as a leaven of Gospel witness in every culture and in every city will make us better Christians and bear fruit in our cities.
117. When properly understood, cultural diversity is not a threat to Church unity. The Holy Spirit, sent by the Father and the Son, transforms our hearts and enables us to enter into the perfect communion of the blessed Trinity, where all things find their unity. He builds up the communion and harmony of the people of God. The same Spirit is that harmony, just as he is the bond of love between the Father and the Son. It is he who brings forth a rich variety of gifts, while at the same time creating a unity which is never uniformity but a multifaceted and inviting harmony. Evangelization joyfully acknowledges these varied treasures which the Holy Spirit pours out upon the Church. We would not do justice to the logic of the incarnation if we thought of Christianity as monocultural and monotonous. While it is true that some cultures have been closely associated with the preaching of the Gospel and the development of Christian thought, the revealed message is not identified with any of them; its content is transcultural. Hence in the evangelization of new cultures, or cultures which have not received the Christian message, it is not essential to impose a specific cultural form, no matter how beautiful or ancient it may be, together with the Gospel. The message that we proclaim always has a certain cultural dress, but we in the Church can sometimes fall into a needless hallowing of our own culture, and thus show more fanaticism than true evangelizing zeal.