Posted by: kenwbudd | March 5, 2011

NIST Publication on Information Security – March 2011

The US National Institute of Standards and Technology (NIST) has published the final version of a special publication that can help organisations to more effectively integrate information security risk planning into their mission-critical functions and overall goals.

‘Managing Information Security Risk: Organization, Mission, and Information System View’ (NIST Special Publication 800-39) provides the groundwork for a three-tiered, risk-management approach that “fundamentally changes how we manage information security risk,” according to Ron Ross, NIST Fellow and one of the principal authors of the publication.
For decades, organisations have managed risk at the information system level, which resulted in a very narrow perspective that constrained risk-based decisions by senior management, Ross explains.
SP 800-39 calls for a holistic approach in which senior leaders determine what needs to be protected based on the organization’s core missions and business functions. 
For example, managers of a power plant tied to the distribution grid need to ensure that its computer security keeps hackers from interfering with the plant’s power generation or getting into the power grid to wreak greater havoc.
The publication is the fourth in the series of risk management and information security guidelines being developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, Intelligence Community, NIST and the Committee on National Security Systems.
SP 800-39 can be downloaded from here (PDF) or by clicking on the picture.