NIST Issues Risk Management Guidance

Published: 22/11/2024   Category: security




Publication introduces a holistic approach to risk management rather than merely focusing on its IT aspect



The federal agency for implementing technology standards has published a guide to help government organizations weave overall objectives and goals into the fabric of their security strategy.
The National Institute of Standards and Technology (NIST) has published Managing Information Security Risk: Organization, Mission, and Information System View to support the Federal Information Security Management Act (FISMA), according to the institute. FISMA is NIST's security standard for IT products and systems deployed in the federal government and a key requirement for IT products that agencies consider using in their IT environments.
NIST's new publication, written by NIST fellow Ron Ross with several others, introduces a holistic approach to risk management rather than merely focusing on its IT aspect, a narrow scope that agencies traditionally have followed, according to NIST.
The publication instead asks organizations to consider their overall missions and business functions first when they consider risk management and security. They are then encouraged to work from there to integrate security into information systems as well, according to NIST.
The goal of this approach is to make sure that agencies' decisions about security -- at the organization, individual, partnership, and even national level -- are driven by strategic investments rather than IT interests or investments.
It also is meant to encourage organizations to build more secure systems that help their leaders understand the threats that exist beyond a mere IT level by the ever-increasing use of, and dependence on, information technology, and network connectivity, Ross said in a statement.
The recently published guide is the fourth in a series of risk management and IT security guidelines that the Joint Task Force Transformation Initiative -- a joint partnership between NIST, the Department of Defense, the Intelligence Community coalition, and the Committee on National Security Systems -- has published to help federal agencies build more secure IT systems.
The initiative's goal is to address the security challenges of both the federal government and U.S. critical infrastructure. The Secretary of Defense, the director of national intelligence, and the Secretary of Commerce lead the initiative.
Cybersecurity -- both internally and externally -- is a chief concern of the federal government under the Obama administration, which has directed a number of agencies to address the broader issue as well as each agency to shore up security within its own organization.