[ISN] Common IT security framework for government gets a step closer

From: InfoSec News <alerts_at_private>
Date: Mon, 24 Sep 2012 03:29:25 -0500 (CDT)
http://gcn.com/articles/2012/09/21/nist-risk-assessment-guide.aspx

By William Jackson
GCN.com
Sep 21, 2012

The National Institute of Standards and Technology has released revised 
guidelines for risk assessment, outlining updated steps for establishing 
risk-based security in federal information systems.

Risk assessment is identifying, estimating and prioritizing the risks to 
an organization’s operations and assets so that they can be effectively 
addressed.

Special Publication 800-30 Rev. 1, Guide for Conducting Risk 
Assessments, is the last of five documents initially planned by an 
interagency task force to help harmonize IT security requirements across 
civilian agencies, the military and the intelligence communities. The 
significance of the effort is enormous, said Ron Ross, a NIST fellow in 
the Computer Security Division.

“For the first time in over four decades we are moving toward a common 
information security framework for all government,” Ross said. “It’s 
going to take a while to get all of the documents operationalized, but 
the transition is well under way.”

[...]


Received on Mon Sep 24 2012 - 01:29:25 PDT
