List Info

Thread: NIST provides security guide for managers
NIST provides security guide for managers
user name
 2006-11-14 13:34:49 
An interesting news item.....

-----Original Message-----
From: isn-bouncesinfosecnews.org [mailto:isn-bouncesinfosecnews.org] On
Behalf Of InfoSec News
Sent: Tuesday, November 14, 2006 8:46 AM
To: isninfosecnews.org
Subject: [ISN] NIST provides security guide for managers 

http://w
ww.fcw.com/article96796-11-13-06-Web

By Wade-Hahn Chan
Nov. 13, 2006

The National Institute of Standards and Technology has put
together a 
guide to information security tailored specifically for
top-level 
managers.

The publication, "Information Security Handbook: A
Guide for Managers," [1]
was written for chief information officers, chief
information security 
officers and other officials who have a vested interest in
the security 
of agency systems but who do not necessarily need to get
into the nuts 
and bolts on a daily basis.

The guide focuses on issues that typically arise when
planning and 
implementing a security program, according to NIST.

One chapter, for example, looks at security governance,
providing a 
breakdown of the different security-related responsibilities
that must 
be handled by an agency's management team. The CIO should
appoint a CISO 
to develop and maintain security policies and procedures,
the guidelines 
state, but "information owners" -- individuals who
actually manage 
information -- should be the ones to decide the appropriate
use and 
distribution of their data.

NIST developed the handbook to help managers address the
requirements of 
various security policies and laws, such as the
Clinger-Cohen Act of 
1996 and the Federal Information Security Management Act.
NIST intends 
the guidelines to be generic, something agencies can tailor
to their 
specific technical and business requirements.

By providing a top-level look at security issues, the
handbook "provides 
guidance for facilitating a more consistent approach to
information 
security programs across the federal government,"
according to the 
guidance.

[1] http://csrc.nist.gov/publications/nistpubs/800-1
00/sp800-100.pdf


_________________________________
Subscribe to InfoSec News
http:
//www.infosecnews.org/mailman/listinfo/isn
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )