-

 



U.S. DEPARTMENT OF LABOR
Employment and Training Administration
Washington, D. C. 20210

CLASSIFICATION

UI

CORRESPONDENCE SYMBOL

TEUDPR

ISSUE DATE

June 19, 1998

RESCISSIONS

None

EXPIRATION DATE

June 30, 1999

DIRECTIVE

:

UNEMPLOYMENT INSURANCE PROGRAM LETTER NO. 30-98

 

TO

:

ALL STATE EMPLOYMENT SECURITY AGENCIES

 

FROM

:

GRACE A. KILBANE
Director
Unemployment Insurance Service

 

SUBJECT

:

The Risk Analysis Project - User Group Forums

 

  1. Purpose. To announce schedule of four user group forums on the Risk Analysis Project.

  2. References.

    1. ETA Handbook No. 376, Guidelines for Internal Security in UI Operations.

    2. Unemployment Insurance Program Letter (UIPL) No. 08-97, Risk Analysis Training.

    3. UIPL No. 12-95, Risk Analysis Project.

    4. UIPL No. 34-87, Unemployment Insurance (UI) Internal Security Risk Analysis (Vulnerability Assessment).

  3. Background. Since fiscal year 1982, the Department of Labor (DOL) has allocated resources for the Internal Security (IS) program. In concert with the IS program, the Employment and Training Administration (ETA) required through UIPLs that State Employment Security Agencies (SESAs) complete a risk analysis of the UI program covering the vulnerability of all UI program operations whenever major system changes occur but not less than once every three years.

    Risk Analysis is a specific activity to be performed by the Internal Security Unit(ISU). Along with its other IS activities, the ISU is required to perform a risk analysis to determine an economic balance between the impact of risks and the costs of protective measures. In performing a risk analysis, the ISU must identify assets, threats to the system (both program and computer related), vulnerabilities, and cost effective safeguards.

  4. Risk Analysis Training. Six UI Risk Analysis training classes have been held. These training classes were attended by National Office and Regional Office personnel, and SESA staff including, internal auditors, information security officers, investigators, and other internal security personnel responsible for risk analysis.

  5. User Group Forums. Four two-day risk analysis forums have been scheduled to follow-up and continue the discussions of the risk analysis process, methodology, and RiskWatch software training that began during the fundamental, intermediate and advanced Risk Analysis Training courses. Personnel from SESAs and DOL, who have knowledge of and/or experience conducting risk analyses will participate in round table discussions regarding SESA specific risk analysis issues and concerns. Forum participants will establish the agenda for each forum. Possible discussion topics include:

    Forum participants will establish the specific agenda for each forum.

  6. Action Required. All SESA Administrators are requested to:

    1. Consider who will be attending the usergroup forums based on their understanding of the risk analysis process and methodology and participation in completing a risk analysis (full and or partial).

    2. Provide the names, addresses and telephone numbers and which forum the nominee (first and second choice) wishes to attend to: Elaine Shock, 800 Capitol Mall, MIC 78, PO BOX 826880, Sacramento, California 94280, by COB July 10, 1998.

    3. Provide copies of this UIPL to appropriate IS staff and other appropriate personnel.

  7. Inquiries. Inquiries should be directed to the appropriate Regional Office and Elaine Schock on telephone number (916)654-7929, Fax (916)654-6359.