Raytheon Executive Summary


Raytheon, one of the largest defense contractors for the Department of Defense (DOD), operates in a unique environment of security concerns and issues. First and foremost, Raytheon, in May 2016, is number 295 on the Forbes Global 2000 list, with a $37.5-billion market cap and $2 billion in profits, and requires an astute security program to protect valuable assets and promote loyalty and trust in customer relations (Forbes, 2016). The corporation encompasses numerous business roles: information technology service provider, weapons supplier, military training, engineering, and various other ventures, including aerospace technologies. Evidently, the joint ventures, in most cases, require access to DOD networks and classified materials, mandating …

This scenario generates circumstances where Raytheon requires two separate security programs, one for organizational security and one meeting DOD requirements, a peculiar arrangement, since different laws and federal regulations govern government agencies versus private industry. Raytheon possesses a unique combination of security concerns and requirements, and requires information security governance when working in close quarters with government agencies, and an information security management framework for risk management, for organizational assets and to promote confidence and loyalty within customer …

(Lord, 2017) However, FIPS 199 and 200 are only the minimum requirement standards for federal information systems, while the NIST SP 800 series provides a wealth of other desirable information. Additionally, FIPS 199 and FIPS 200 both reference various NIST SPs. Here is an example of FIPS referring to the NIST SP 800 series, per NIST (2006): “Federal agencies must meet the minimum requirements as defined herein through the use of security controls in accordance with NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems, as amended.” Additionally, FIPS 199 only covers the categorization of federal information and information systems, categorizing information based on integrity, confidentiality, and availability, with the impact if compromised rated low, moderate, high, or non-applicable (NIST, 2004). Furthermore, NIST SP 800-34 is the “Contingency Planning Guide for Federal Information Systems”, and an implementation of the framework resolves the security issues (Swanson, Bowen, Phillips, Gallup, & Lynes, 2010). Additionally, the variety of contingency planning resources available within the publication, including continuity of