(Press-News.org) Two new draft publications from the National Institute of Standards and Technology (NIST) provide the groundwork for a three-tiered risk-management approach that encompasses computer security risk planning from the highest levels of management to the level of individual systems. The draft documents have been released for public comment.
Both publications are a part of NIST's risk management guidelines, which have been developed in support of the Federal Information Security Management Act (FISMA), and adopted government wide to improve the security of government systems and information. Both call for upper-level management to understand that information security is a key component to mission-critical functions and that top managers need to manage information security risk in coordination with chief information officers, chief information security officers and system owners to meet the organization's goals.
Integrated Enterprise-Wide Risk Management: Organization, Mission, and Information System View (Special Publication 800-39, available in pdf format at http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-39), is the capstone document that applies this new perspective on how federal agencies and their contractors should manage information security risk.
"Most organizations currently manage risk using a tactical, system-by-system approach," said Ron Ross, NIST Fellow and FISMA Implementation Project Leader. "This new framework suggests a three-tiered risk management approach that moves from organization to missions to information systems. The goal is for senior leaders and executives to manage risks strategically and drive investment and operational decisions based on the organization's core missions and business functions."
The new approach is particularly important as organizations address advanced persistent threats, which have the potential to degrade or debilitate federal information systems that support critical applications and operations of the federal government.
This publication is the fourth in the series developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, the Intelligence Community, NIST, and the Committee on National Security Systems. This draft provides significant changes from earlier versions of the publication and includes input from all partners in the Joint Task Force.
SP 800-39, once finalized, will supersede Risk Management Guide for Information Technology Systems (SP 800-30) as the source for guidance on risk management. A revised version of SP 800-30 will provide guidance on risk assessment consistent with SP 800-39 and is expected to be published in 2011.
Comments are requested on the draft of SP800-39. Please send them to sec-cert@nist.gov by Jan. 25, 2011.
The initial public draft of a second new NIST publication, Information Security Continuous Monitoring for Federal Information Systems and Organizations (Special Publication 800-137, available in pdf format at http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-137), is a guide to developing and implementing a comprehensive continuous monitoring strategy for computer security risk management using a three-tiered approach, organization level, mission/business level and system level. A robust strategy for continuous monitoring of information security helps maintain ongoing awareness of information security and ensures that organizational security practice reflects the organization's risk tolerance. It helps ensure that accurate, up-to-date information is available to enable timely risk management decisions.
"SP 800-137 encourages a holistic approach to managing risk through information security continuous monitoring." explains IT Specialist Kelley Dempsey. The publication describes how to develop a comprehensive continuous monitoring strategy. It provides methods to implement a continuous monitoring program including determination of measures and metrics, determination of monitoring frequencies, review and analysis of security-related information, response to information security risk, and revision of the strategy.
Comments are requested on the draft of SP 800-137. Please send them to 800-137comments@nist.gov by March 15, 2011.
INFORMATION:
END
In a groundbreaking achievement that could help scientists "build" new biological systems, Princeton University scientists have constructed for the first time artificial proteins that enable the growth of living cells.
The team of researchers created genetic sequences never before seen in nature, and the scientists showed that they can produce substances that sustain life in cells almost as readily as proteins produced by nature's own toolkit.
"What we have here are molecular machines that function quite well within a living organism even though they were designed ...
(PHILADELPHIA) Elevated fat and cholesterol levels found in a typical American-style diet play an important role in the growth and spread of breast cancer, say researchers at the Kimmel Cancer Center at Jefferson.
The study, published in the January issue of The American Journal of Pathology, examines the role of fat and cholesterol in breast cancer development using a mouse model. The results show that mice fed a Western diet and predisposed to develop mammary tumors, can develop larger tumors that are faster growing and metastasize more easily, compared to animals eating ...
Madison, WI December 28, 2010 – The Australian Government National Water Commission funded a study to establish an approach to assess the quality of water treated using managed aquifer recharge. Researchers at Australia's CSIRO Land and Water set out to determine if the en product would meet standard drinking water guidelines.
At the Parafield Aquifer Storage, Transfer and Recovery research project in South Australia, the team of scientists harvested storm water from an urban environment, treated it in a constructed wetland, stored it in an aquifer, and then recovered ...
Menlo Park, Calif. — The Crab Nebula, one of our best-known and most stable neighbors in the winter sky, is shocking scientists with a propensity for fireworks—gamma-ray flares set off by the most energetic particles ever traced to a specific astronomical object. The discovery, reported today by scientists working with two orbiting telescopes, is leading researchers to rethink their ideas of how cosmic particles are accelerated.
"We were dumbfounded," said Roger Blandford, who directs the Kavli Institute for Particle Astrophysics and Cosmology, jointly located at ...
An international, NOAA-led research team took a significant step forward in understanding the atmosphere's ability to cleanse itself of air pollutants and some other gases, except carbon dioxide. The issue has been controversial for many years, with some studies suggesting the self-cleaning power of the atmosphere is fragile and sensitive to environmental changes, while others suggest greater stability. And what researchers are finding is that the atmosphere's self-cleaning capacity is rather stable.
New analysis published online today in the journal Science shows that ...
(Santa Barbara, Calif.) –– Calling the results "extremely surprising," researchers from the University of California, Santa Barbara and Texas A&M University report that methane gas concentrations in the Gulf of Mexico have returned to near normal levels only months after a massive release occurred following the Deepwater Horizon oil rig explosion.
Findings from the research study, led by oceanographers John Kessler of Texas A&M and David Valentine of UCSB, were published today in Science Xpress, in advance of their publication in the journal Science. The findings show ...
AMES, Iowa – An international team of scientists has released data indicating that greenhouse gas uptake by continents is less than previously thought because of methane emissions from freshwater areas.
John Downing, an Iowa State University professor in the ecology, evolution and organismal biology department, is part of an international team that concluded that methane release from inland waters is higher than previous estimates.
The study, published in the journal Science, indicates that methane gas release from freshwater areas changes the net absorption of greenhouse ...
CHICAGO (January 6, 2011) – According to a report published in the December issue of the Journal of the American College of Surgeons, surgery residents improved their knowledge of health care business concepts and principles with the use of a Web-based curriculum.
The expectation is for residents to "demonstrate an awareness of and responsiveness to the larger context and system of health care, as well as the ability to call effectively on other resources in the system to provide optimal health care." However, consensus from residents is that they lack instruction and ...
Queen's University Classics professor emeritus Ross Kilpatrick believes the Leonardo da Vinci masterpiece, the Mona Lisa, incorporates images inspired by the Roman poet Horace and Florentine poet Petrarch.
The technique of taking a passage from literature and incorporating it into a work of art is known as 'invention' and was used by many Renaissance artists.
"The composition of the Mona Lisa is striking. Why does Leonardo have an attractive woman sitting on a balcony, while in the background there is an entirely different world that is vast and barren?" says Dr. Kilpatrick. ...
GAINESVILLE, Fla. — A new University of Florida study following the evolution of lice shows modern humans started wearing clothes about 170,000 years ago, a technology which enabled them to successfully migrate out of Africa.
Principal investigator David Reed, associate curator of mammals at the Florida Museum of Natural History on the UF campus, studies lice in modern humans to better understand human evolution and migration patterns. His latest five-year study used DNA sequencing to calculate when clothing lice first began to diverge genetically from human head lice. ...
