Implementing Homeland Security for Enterprise IT

Once threat assessments are conducted, DRPs and business-continuity plans need to be developed or revised to address newly determined threats. These plans can help to mitigate or minimize disruptions that can result from a terrorist attack on a component of the critical national infrastructure.

It is important to maintain the perspective that security improvement is an ongoing process. In addition to developing the DRPs and business-continuity plans, organizations need to establish a process that stays in step with the national initiatives that will do the following:

• Maintain an updated inventory of an organization's critical facilities, systems, and functions and monitor its security methods and preparedness to deal with disputations.

• Coordinate with federal, state, local, and private entities in planning and response activities.

• Monitor and respond to national-level threat information, assessments, and warnings.

• Examine incentives provided by federal, state, or local government to devise solutions to unique protection impediments.

• Monitor and respond to cross-sector and crossjurisdictional protection standards, guidelines, criteria, and protocols.

• Monitor the development of and utilize emerging protection best practices and processes and vulnerability-assessment methodologies.

• Monitor the results of demonstration projects and pilot programs and assess outcomes for potential application in the organization.

• Implement appropriate asset-protection education and awareness campaigns.

• Monitor and respond to efforts made by the federal, state, and local governments to improve incident response.

• Establish a personnel surety program for all key personnel.

The federal government plans to coordinate public- and private-sector security research and development activities and interoperability standards of communications systems to utilize technology better to improve homeland security. As new technologies evolve, organizations need to establish a process that stays in step with the national initiatives. An internal organizational process should be established to monitor technology development, standards for technology use, and technologies that have been tested and proven effective.