Americký NIST vydal: Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View02.03.2011
NIST Special Publication 800-39 is the fourth in the series of risk management and information security guidelines. Zdroj: http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
NIST Special Publication 800-39, provides guidance to federal agencies and their contractors on how to manage information security risk associated with the operation and use of information systems. For decades, organizations have managed risk at the information system level. This information system focus provided a very narrow, stovepiped, perspective that constrained risk-based decisions by senior leaders/executives to the tactical level—devoid, in many cases, of any direct linkage or traceability to the important organizational missions/business functions being carried out by enterprises. The concentration on information systems security resulted in a focus on vulnerability management at the expense of strategic risk management applied across enterprises.
Special Publication 800-39 introduces a three-tiered risk management approach that recommends federal agencies focus, initially, on establishing an enterprise-wide risk management strategy as part of a mature governance structure involving senior leaders/executives and a robust risk executive (function). The risk management strategy addresses some of the fundamental issues that organizations face in how information security risk is assessed, responded to, and monitored over time in the context of critical missions and business functions.
Heuristické vyhledání souvisejících článků v archívu NEWS
Pozor - není zdaleka přesné a výsledek je bez záruky...
Chcete-li článek obsahující konkrétní termín - pou·ijte funkci vyhledávání