Federal government agencies in the U.S. must adhere to some of the toughest IT security standards and requirements in the world. Each year, these agencies' security postures are graded based upon these standards. USAID received the only A+ mark.
The agency assists countries recovering from disaster, trying to escape poverty or engaging in democratic reforms. To help with these efforts, as well as to meet the challenges of its unique risk environment and stringent Federal Information Security Management Act (FISMA) requirements, the USAID implemented a risk-based information systems security program.
Understandably, to undertake its various initiatives, such as recent tsunami relief efforts, USAID's IT program must allow for secure and flexible response and continual risk measurement. But with offices in 70-plus developing countries, USAID faces many challenges in implementing a worldwide information systems security program because of the lack of robust local telecommunications and IT infrastructures in these countries. To overcome these, the agency's program enlists a risk-based management model that requires them to support business decisions with information security metrics.
They deploy security data collection technology to provide risk measurements, and report this information to agency business system owners and decision-makers in near real-time.
The security data collection technologies and risk-based model provides in-depth visibility into the daily operations of its global network and increases security awareness among USAID managers and staff.