
Security - News

http://crypto-world.info


03 / 2011
Selected for you by: TR - Tomáš Rosa, JP - Jaroslav Pinkava, PV - Pavel Vondruška, VK - Vlastimil Klíma

The U.S. NIST has released Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View

02.03.2011
NIST Special Publication 800-39 is the fourth in the series of risk management and information security guidelines.

NIST Special Publication 800-39 provides guidance to federal agencies and their contractors on how to manage information security risk associated with the operation and use of information systems. For decades, organizations have managed risk at the information system level. This information system focus provided a very narrow, stovepiped, perspective that constrained risk-based decisions by senior leaders/executives to the tactical level—devoid, in many cases, of any direct linkage or traceability to the important organizational missions/business functions being carried out by enterprises. The concentration on information systems security resulted in a focus on vulnerability management at the expense of strategic risk management applied across enterprises.

Special Publication 800-39 introduces a three-tiered risk management approach that recommends federal agencies focus, initially, on establishing an enterprise-wide risk management strategy as part of a mature governance structure involving senior leaders/executives and a robust risk executive (function). The risk management strategy addresses some of the fundamental issues that organizations face in how information security risk is assessed, responded to, and monitored over time in the context of critical missions and business functions.
Source: http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
Author: JP

