Is Your Information Really Safe (2009) resource Articles OCEG Reviewed
As more organizations realize that using perimeter and anti-virus technologies alone is like locking their doors but leaving their windows open, it’s become evident that enterprises must upgrade their security practices in order to prevent huge data breaches like the one announced by Heartland Payment Systems this past January.
Read more
NIST, Federal Information Security Management Act (FISMA) Implementation Project resource Agency Web Sites OCEG Reviewed
To promote the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act including:
>Standards for categorizing information and information systems by mission impact >Standards for minimum security requirements for information and information systems >Guidance for selecting appropriate security controls for information systems
>Guidance for assessing security controls in information systems and determining security control effectiveness
Read more
NIST, Managing Risk from Information Systems, Second Public Draft (April 2008) resource Agency Guidances Member contributionOCEG Reviewed
This publication provides guidelines for managing risk to organizational operations, organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of information systems. Special Publication 800-39 is the flagship document in the series of FISMA-related publications developed by NIST and provides a disciplined, structured, flexible, extensible, and repeatable approach for managing that portion of risk resulting from the incorporation of information systems into the mission and business processes of the organization.
Read more
