World Library  



Nist

By Swanson, Marianne


Book Id: WPLBN0000693673
Format Type: PDF eBook
File Size: 187.82 KB.
Reproduction Date: 2005

Title: Nist  
Author: Swanson, Marianne
Volume:
Language: English
Subject: Technology., Reference materials, Technology and literature
Collections: Technology eBook Collection
Historic
Publication Date:
Publisher:

Citation


Swanson, M. (n.d.). Nist. Retrieved from http://www.ebooklibrary.org/


Description
Technical Reference Publication

Excerpt
Introduction: As more organizations share information electronically, a common understanding of what is needed and expected in securing information technology (IT) resources is required. This document provides a baseline that organizations can use to establish and review their IT security programs. The document gives a foundation that organizations can reference when conducting multi-organizational business as well as internal business. Management, internal auditors, users, system developers, and security practitioners can use the guideline to gain an understanding of the basic security requirements most IT systems should contain. The foundation begins with generally accepted system security principles and continues with common practices that are used in securing IT systems.

Table of Contents
1. Introduction
   1.1 Principles
   1.2 Practices
   1.3 Relationship of Principles and Practices
   1.4 Background
   1.5 Audience
   1.6 Structure of this Document
   1.7 Terminology
2. Generally Accepted System Security Principles
   2.1 Computer Security Supports the Mission of the Organization
   2.2 Computer Security is an Integral Element of Sound Management
   2.3 Computer Security Should Be Cost-Effective
   2.4 Systems Owners Have Security Responsibilities Outside Their Own Organizations
   2.5 Computer Security Responsibilities and Accountability Should Be Made Explicit
   2.6 Computer Security Requires a Comprehensive and Integrated Approach
   2.7 Computer Security Should Be Periodically Reassessed
   2.8 Computer Security is Constrained by Societal Factors
3. Common IT Security Practices
   3.1 Policy
       3.1.1 Program Policy
       3.1.2 Issue-Specific Policy
       3.1.3 System-Specific Policy
       3.1.4 All Policies
   3.2 Program Management
       3.2.1 Central Security Program
       3.2.2 System-Level Program
   3.3 Risk Management
       3.3.1 Risk Assessment
       3.3.2 Risk Mitigation
       3.3.3 Uncertainty Analysis
   3.4 Life Cycle Planning
       3.4.1 Security Plan
       3.4.2 Initiation Phase
       3.4.3 Development/Acquisition Phase
       3.4.4 Implementation Phase

 


Additional Books


  • Evaluated Kinetic and Photochemical Data...
  • Toward Next-Generation Construction Mach...
  • Reporting
  • Secure Cyberspace
  • Thermodynamic Properties of Dioxygen Dif...
  • Thermodynamic Functions and Properties o...
  • Cross Sections and Related Data for Elec...
  • Cross Sections and Swarm Coefficients fo...
  • Administrative Modifications 
  • Indefinite Delivery Indefinite Quantity ... 
  • Credit Card Purchases 
  • Awards 

 



Copyright © World Library Foundation. All rights reserved. eBooks from World eBook Library are sponsored by the World Library Foundation, a 501c(4) Member's Support Non-Profit Organization, and are NOT affiliated with any governmental agency or department.