Group offers guide for secure e-gov

Government and industry have teamed to show how agencies handle security on some of the most common e-government initiatives

Government and industry have teamed to show how agencies have handled security on some of the most common electronic government initiatives, offering their experiences as examples for others.

"Securing Electronic Government," a resource guide prepared by the CIO Council's Security, Privacy and Critical Infrastructure Protection Committee, is the joint effort of many organizations. Last May, the CIO Council, the Chief Financial Officers Council and the Information Technology Association of America came together to share experiences and discuss the security challenges agencies face in the e-government arena.

The group wound up focusing on three areas: Web-based information services, electronic procurement and financial transactions.

The group discussed the common issues under each area and then found examples of an agency or a company that had gone through the process of assessing risk and defining solutions.

The guide defines five security goals, under which each agency program can have a different level of risk: availability, authentication and identification, confidentiality, integrity and non-repudiation.

The importance of security goals varies in each area. For example, under Web-based information services, ensuring data availability and integrity are of primary importance. But depending on the information or service offered, confidentiality, identification and non-repudiation can also be factors, said David Nelson, deputy CIO at NASA.

All examples in the guide are from the federal sphere, but the discussions include an examination of instances when commercial products and services are viable options for security solutions.

The guide is intended to provide a starting point for agencies to work from and for auditors to use as examples to measure against.

The CIO Council will look for feedback from agencies on how to improve or expand upon the guide, said John Gilligan, co-chairman of the CIO Council Security committee.

The CFO Council also will solicit comments, said Sky Lesher, deputy CFO at the Interior Department and chairman of the financial systems committee on the council. And because most of the 24 agency CFOs are political appointees, the guide also will be a useful reference for the officers with the Bush administration, Lesher said.