ScienceDaily (2 March 2011) , the National Institute of standards and technology (NIST) published the final version of special publication that can help organizations to more effectively integrate information security planning and goals of their mission-critical functions.
Enterprise: security information management, mission, and system information (NIST Special Publication 800-39) provides the basics of a three-tiered, risk-management approach changes fundamentally how we manage information security risk to the federal level, "says Ron Ross, a NIST and the main authors of the publication.
For decades, organizations have to manage risk at the level of the information system, which resulted in a very narrow perspective that constrain risk-based decisions by senior management, explains Ross. SP 800-39 calls for a holistic approach to determine what senior leaders need to be protected is based on the core tasks of the Organization, and business functions. For example, administrators of power distribution network is related to the need to ensure the security of your computer keeps hackers interfering with the plant's power generation or to get into the power grid to bring disaster.
The publication is the fourth in a series of risks and manage information security guidelines developed by the joint task force transformation initiative, a joint partnership between the Department of Defense, intelligence community, Committee on national security systems, NIST.
A risk management approach to the multi-tiered described SP 800-39 organization progress for information systems. The goal is to ensure that the strategic considerations and decisions with respect to drive investment in operational risk management organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations (collaborative or partnering with federal agencies and contractors), the nation.
This type of risk-based decisions, is critical as organizations advanced persistent threats of sophisticated cyber attacks that may harm or weakened the support information systems in the Federal Government's critical applications.
"SP 800-39 is engaged in building a more secure information systems ultimately will allow senior leaders, and administrators better understand the mission, the risk to their business brought by organizations to increasingly use information technology and connectivity, dependency ???"???? Ross.
SP 800-39, security information management: Organization, mission and display of information system, developed in support of federal information security management Act (FISMA). Can be downloaded from http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf.
Email or share this story:
The source of the story:
The above story printed (with writers adaptations by a teamdaily science) from materials that can be by the National Institute of standards technology (NIST).
Note: If no source is cited, instead.
Disclaimer: hdioth in this article do not necessarily reflect those of his team or ScienceDaily.
