Definition Of IT Positions/Terms At The Government Agencies

  • Information System- People, Process, information, Infrastructure and Technology
  • Information System Owner-Own the people, process, infrastructure and technology for a particular system. A system has only one owner
  • Information Owner-Own the information/data within the information system. An information system can have multiple information Owners.
  • Information System Security Officer (ISSO)-Ensures information systems are secured-controls are implemented and tested for effectiveness
  • Data Custodian-Manages/maintains the information on behalf of the information owner
  • Authorizing Official- Accredit or Authorized System
  • Chief Information Officer (CIO)-Manages the entire agency’s ITresources
  • System Administrator-Day to day management of the system
  • System Developer-Build application/write codes
  • System Engineers- Manage servers
  • Network Engineers- Manage the network (routers and switches)
  • Help Desk- Desktops and laptops troubleshooting/Handle tickets
  • Chief Information Security Officer (CISO)-Responsible for the security of the agency-ISSO/Auditor report to him
  • C&A Analyst/IT Security Analyst-Audit system for compliance-Report to the CISO or ISSO
  • Program Manager-Manages Projects-Security Teams Lead (NIH)
  • Project Manager: Manages a Project-Security Team Lead (NCI)
  • Information System Boundary-A set of information resources (information, people, fund, equipment and information technology) allocated to an information system- If a set of information resources is identified as an information system, the resources are generally under the same direct management control
    • Same management
    • Same General Operation environment (no matter the geographic location)
  • Accreditation/Authorized System Boundary-Information system boundary approved by management-CIO

Link to sample chart –

Sample Organizational Chart

  • General Support system-GSS is a collection of interconnected information resources or computing environments under the same direct management control, which shares common functionality-Data center (house the servers and application) and the network (router, and switches). High, Moderate or Low Classification
  • Major Application- MA          A major application is usually hosted on a general support system. High, Moderate or Low Classification
  • Minor  Application- It is very common that a minor application may have a majority of its security controls provided by the general support system or major application on which it resides. Moderate or Low Classification
  • Confidentiality: Information is only accessible to authorized users.
  • Integrity: Protect against unauthorized modification or alteration of information and information system
  • Availability: Make information and information system available when needed
error: Content is protected !!