[ECP] NIST releases info security documents
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Thu, 22 Feb 2007 10:26:17 -0500
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤,¸¸,ø¤º
Please link to the Educational CyberPlayGround
http://www.edu-cyberpg.com
Add your K12 SCHOOL OR SCHOOL DISTRICT URL
http://www.edu-cyberpg.com/schools/
Please Share and Add Your Song
http://www.edu-cyberpg.com/ncfr/
Educational CyberPlayGround Network Newsletters Mailing List ©1994
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤,¸¸,ø¤º
NIST releases info security documents
http://www.gcn.com/online/vol1_no1/43141-1.html
By William Jackson
GCN Staff
02/16/07
The National Institute of Standards and Technology has published two new
interagency reports designed to help auditors, inspectors general and
senior management understand and evaluate information security programs.
NISTIR 7359 [1], titled Information Security Guide for Government
Executives, is an overview of IT security concepts that senior
management should grasp. NISTIR 7358 [2], titled Program Review for
Information Security Management Assistance (PRISMA), lays out a
standardized approach for measuring the maturity of an information
security program.
PRISMA is a methodology developed by NIST for reviewing complex
requirements and posture of a federal information security program. It
is intended for use by security personnel, as well as internal
reviewers, auditors and IGs. Tools laid out in NISTIR 7358 should help
identify program deficiencies, establish baselines, validate corrections
and provide supporting information for Federal Information Security
Management Act scorecards. It gives a maturity level in nine primary
topic areas:
* Information security management and culture
* Information security planning
* Security awareness, training and education
* Budget and resources
* Life cycle management
* Certification and accreditation
* Critical infrastructure protection
* Incident and emergency response
* Security controls
PRISMA is based on the Software Engineering Institute's former
Capability Maturity Model, and each topic area is rated at one of five
levels of maturity, with the fifth level being the highest:
1. Policies
2. Procedures
3. Implementation
4. Testing
5. Integration.
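The maturity rating described above, as an added worked example (it is not code from NIST or from NISTIR 7358, and the article does not specify scoring rules): the nine topic areas and five levels come from the article; the rule that levels are cumulative (a level only counts when every criterion at that level passes and all lower levels have already been reached), the per-criterion pass/fail input format and the sample review data are assumptions of this example.

```python
# PRISMA-style maturity scorecard. Added example, not NIST's code.
# Topic areas and levels are from the article; the cumulative-level rule,
# the review input format and the sample review are assumptions.
from typing import Dict, List, Tuple

# The nine primary topic areas PRISMA rates (from the article).
TOPIC_AREAS: List[str] = [
    "Information security management and culture",
    "Information security planning",
    "Security awareness, training and education",
    "Budget and resources",
    "Life cycle management",
    "Certification and accreditation",
    "Critical infrastructure protection",
    "Incident and emergency response",
    "Security controls",
]

# The five maturity levels, lowest to highest (from the article).
MATURITY_LEVELS: List[str] = [
    "Policies", "Procedures", "Implementation", "Testing", "Integration",
]

# A review records, per topic area and per level, the pass/fail result of
# each criterion the reviewer checked at that level (assumed format).
Review = Dict[str, Dict[str, List[bool]]]


def topic_maturity(level_results: Dict[str, List[bool]]) -> int:
    """Return the maturity level (0..5) reached by one topic area.

    Assumption: levels are cumulative. A level counts only when every
    criterion at that level passes and every lower level has already been
    reached, so a topic with working procedures but a failing policy
    criterion still scores 0. A level with no recorded criteria is treated
    as not satisfied.
    """
    reached = 0
    for name in MATURITY_LEVELS:
        results = level_results.get(name, [])
        if results and all(results):
            reached += 1
        else:
            break
    return reached


def scorecard(review: Review) -> Dict[str, int]:
    """Maturity level for every topic area; areas absent from the review score 0."""
    return {area: topic_maturity(review.get(area, {})) for area in TOPIC_AREAS}


def deficiencies(review: Review) -> List[Tuple[str, str, List[int]]]:
    """For each topic area below level 5, name the first level it fails and
    the indexes of the failing criteria at that level. An empty index list
    means no criteria were recorded for that level at all."""
    findings = []
    for area, level in scorecard(review).items():
        if level == len(MATURITY_LEVELS):
            continue
        blocking = MATURITY_LEVELS[level]
        results = review.get(area, {}).get(blocking, [])
        failed = [i for i, ok in enumerate(results) if not ok]
        findings.append((area, blocking, failed))
    return findings


# Constructed sample review; these are not real findings.
SAMPLE_REVIEW: Review = {
    "Security awareness, training and education": {
        "Policies": [True, True],
        "Procedures": [True],
        "Implementation": [True, False],  # one criterion unmet: stops at level 2
    },
    "Incident and emergency response": {
        "Policies": [True],
        "Procedures": [False],            # procedures fail ...
        "Implementation": [True, True],   # ... so this level does not count
    },
    "Security controls": {
        "Policies": [True], "Procedures": [True], "Implementation": [True],
        "Testing": [True], "Integration": [True],
    },
}

if __name__ == "__main__":
    for area, level in scorecard(SAMPLE_REVIEW).items():
        label = MATURITY_LEVELS[level - 1] if level else "none"
        print(f"{area:45s} level {level} ({label})")
    for area, blocking, failed in deficiencies(SAMPLE_REVIEW):
        print(f"deficiency: {area}: blocked at {blocking}, failing criteria {failed}")
```

The cumulative rule is the point of the example: "Incident and emergency response" has its implementation criteria passing but still scores only level 1 because a procedures criterion fails, which is the kind of gap a reviewer would flag and track through to re-validation.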
NISTIR 7359 is addressed to senior management, because studies have
shown that senior management's commitment to information security is the
most critical element in the success of an information security program.
Executives are responsible for establishing the program and setting its
goals, as well as ensuring that resources are made available to fulfill
them.
The guide answers five basic questions about information security for
the senior level manager:
* Why do I need to invest in information security?
* Where do I need to focus my attention to accomplish critical
information security goals?
* What are the key activities in building an effective information
security program?
* What are the laws, regulations, standards and guidelines that I
need to understand to build an effective information security
program?
* Where can I learn more to help evaluate my program?
[1] http://csrc.nist.gov/publications/nistir/ir7359/NISTIR-7359.pdf
[2] http://csrc.nist.gov/publications/nistir/ir7358/NISTIR-7358.pdf
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Educational CyberPlayGround Network Newsletters Mailing List
Subscribe - Unsubscribe - Set Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Copyright statements to be included when reproducing
annotations from the
Educational CyberPlayGround Network Newsletter
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Network Newsletters copyright
Email Preferences - Subscribe - Unsubscribe - Digest
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Advertise Network Newsletters Guidelines
http://www.edu-cyberpg.com/Community/Subguidelines.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>