New publication fundamentally changes federal information security risk management
March 2, 2011 By Evelyn Brown
The National Institute of Standards and Technology (NIST) has published the final version of a special publication that can help organizations to more effectively integrate information security risk planning into their mission-critical functions and overall goals.
Managing Information Security Risk: Organization, Mission, and Information System View (NIST Special Publication 800-39) provides the groundwork for a three-tiered, risk-management approach that "fundamentally changes how we manage information security risk at the federal level," says Ron Ross, NIST Fellow and one of the principal authors of the publication.
For decades, organizations have managed risk at the information system level that resulted in a very narrow perspective that constrained risk-based decisions by senior management, Ross explains. SP 800-39 calls for a holistic approach in which senior leaders determine what needs to be protected based on the organization's core missions and business functions. For example, managers of a power plant tied to the distribution grid need to ensure that its computer security keeps hackers from interfering with the plant's power generation or getting into the power grid to wreak greater havoc.
The publication is the fourth in the series of risk management and information security guidelines being developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, Intelligence Community, NIST and the Committee on National Security Systems.
The multi-tiered risk management approach described in SP 800-39 progresses from organization to missions to information systems. The goal is to ensure that strategic considerations drive investment and operational decisions with regard to managing risk to organizational operations (including mission, function, image and reputation), organizational assets, individuals, other organizations (collaborating or partnering with federal agencies and contractors) and the nation.
This type of risk-based, decision making is critical as organizations address advanced persistent threats of sophisticated cyber attacks that have the potential to degrade or debilitate information systems supporting the federal government's critical applications and operations.
"SP 800-39 is about building more secure information systems which will ultimately allow senior leaders and executives to better understand the mission and business risk brought into their enterprises by the ever-increasing use of, and dependence on, information technology and network connectivity," Ross says.
More information: SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View, has been developed in support of the Federal Information Security Management Act (FISMA). It can be downloaded from http://csrc.nist.g … 39-final.pdf
Provided by
National Institute of Standards and Technology
-
From lemons to lemonade: Reaction uses carbon dioxide to make carbon-based semiconductor,
32 comments
-
Thioridazine kills cancer stem cells in human while avoiding toxic side-effects of conventional cancer treatments,
3 comments
-
SpaceX private rocket blasts off for space station (Update),
42 comments
-
Climate scientists say they have solved riddle of rising sea,
30 comments
-
Research team claims to have found evidence Lake Cheko is impact crater for Tunguska Event,
18 comments
-
Need a rigid insulation material???
2 hours ago
-
magnets or EMF in car bumpers to protect from fender bender
18 hours ago
-
length of wire in a coil of known dimensions?
May 25, 2012
-
India Engineering Powerhouse
May 25, 2012
-
electromagnet core dereference between hard and soft iron
May 25, 2012
-
Measuring water pressure in an open tank
May 24, 2012
- More from Physics Forums - General Engineering
More news stories
SpotterRF debuts Radar Backpack Kit (w/ Video)
(Phys.org) -- SpotterRF has announced a special radar backpack kit designed to enhance situational awareness for soldiers on the ground. The company says its special radar is designed for warfighters as part ...
Probability of contamination from severe nuclear reactor accidents is higher than expected: study
Catastrophic nuclear accidents such as the core meltdowns in Chernobyl and Fukushima are more likely to happen than previously assumed. Based on the operating hours of all civil nuclear reactors and the number ...
Technology / Energy & Green Tech
May 22, 2012 |
3.6 / 5 (21) |
52
|
Delphi gasoline-injection engine technique rivals hybrid's edge
(Phys.org) -- Running a diesel like engine on gasoline is something Delphi is doing in notable fashion. They claim they are on to a promising way to enjoy an engine that gives the vehicle owner high efficiency ...
HyperSolar shows dirty water no barrier to power world
(Phys.org) -- The Santa Barbara, California, company, HyperSolar, is set to transparently share the ups and downs of its research experiences toward the companys ultimate vision, successfully producing ...
Tesla to launch electric sedan in US on June 22
Tesla Motors said Tuesday it would begin deliveries of "the world's first premium electric sedan" on June 22, slightly ahead of schedule.
Technology / Energy & Green Tech
May 22, 2012 |
4.5 / 5 (11) |
18
Dell tablet leak: 10.1-inch display, two-battery choice
(Phys.org) -- Headline after headline talks about vendors tablets in the wings as likely number-one contenders for the iPad. Such claims have justifiably been taken with a grain of salt, considering ...
Scientist: Evolution debate will soon be history
(AP) -- Richard Leakey predicts skepticism over evolution will soon be history. Not that the avowed atheist has any doubts himself.
SpaceX capsule has 'new car' smell, astronauts say (Update)
SpaceX's Dragon cargo vessel smells like a new car, said astronauts at the International Space Station after opening the hatches Saturday following the spacecraft's landmark mission to the orbiting lab.
Thousands of shellfish found dead in Peru
Thousands of crustaceans were found dead off the coast of Lima following the mystery mass death of dolphins and pelicans, the Peruvian Navy said Friday.
Australia hails surprise super-telescope decision
Australia has hailed a surprise decision giving it a role in a radio telescope project aimed at revolutionising astronomy, vowing to draw on its decades of experience in space science.
Keep food safety in mind this memorial day weekend
(HealthDay) -- Picnics, parades and cookouts are as much a part of Memorial Day weekend as tributes to the United States' war veterans.