Security Program Evaluation

In support of Georgia's commitment to continuous improvement of the state's information security posture, GTA's Office of Information Security is conducting evaluations of agency-level information security programs. The evaluations are based on Program Review for Information Security Management Assistance (PRISMA). The evaluations focus on the agency's security management and operational processes based on requirements established by statewide security policies, the Federal Information Security Management Act (FISMA), and the National Institute of Standards and Technology (NIST) Computer Security Division.

By invitation from GTA or at an agency's request, an experienced information security analyst, in coordination with the agency's Senior Agency Information Security Officer (SAISO), will evaluate the security program management elements that are independent of any particular information system but are essential to an effective information security program. In addition, on request from the agency, the analyst will evaluate the security management and operational processes for one major information system. As a deliverable, the analyst will highlight effective program activities, identify gaps that can affect the overall effectiveness of the agency's security program, and provide recommendations to address these gaps. The analyst will also help develop strategies to assist with the management of security-relevant acquired systems, products, and services (Georgia Enterprise Technology Services or other security-relevant outsourced services).

The ultimate goal of these evaluations is to assist agencies in:

  • Building robust information security and risk management programs
  • Preparing for future reporting and audit requirements
  • Responding to audit or assessment findings
  • Improving their own and the state's overall security posture