How may the Recommended Security Controls for Federal Information Systems and Organizations presented in NIST Special Publication 800-53 also apply in the private sector?
NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) of 2002 and in managing cost-effective programs to protect their information and information systems. Federal Information Processing Standards (FIPS) are developed by NIST in accordance with FISMA. FIPS are approved by the Secretary of Commerce and are compulsory and binding for federal agencies. Since FISMA requires that federal agencies comply with these standards, agencies may not waive their use. Guidance documents and recommendations are issued in the NIST Special Publication (SP) 800-series. Office of Management and Budget (OMB) policies (including OMB FISMA Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management) state that for other than national security programs and systems, agencies must follow NIST guidance. Other security-related publications, including interagency and internal reports (NISTIRs), and ITL Bulletins, provide technical and other information about NIST's activities. These publications are mandatory only when so specified by OMB.
A key tenet of the NIST SP 800-53r5 (Security and Privacy Controls for Information Systems and Organizations) specification is that security and privacy requirements are a subset of all requirements that can be imposed on an information system and/or an organization. In other words, when we develop systems/applications, for example, we must consider security and privacy requirements as part of the overall system requirements.
A. True
B. False
True or False
16. Access to information, information processing facilities, and business processes should be controlled on the basis of employees' requirements.
17. Access control rules should take account of policies for information dissemination and authorization.
18. NIST Special Publication 800-53 is titled Recommended Security Controls for Commercial Information Systems.
19. The primary characteristic of the SABSA model is that everything must be derived from an analysis of the user's requirements for security.
20. COBIT includes best practices, measures, and processes organizations...
When performing a gap analysis, one must have an understanding of the desired future or "to be" state. For cybersecurity focused gap analyses, we frequently use IT security controls as the means by which we describe the "to be" (or "should be") state of IT systems and Information Security Management Programs. There are a variety of guidance documents which list and define sets of security controls. Each of these documents or sets of controls has an underlying framework. One of...
#1) Select the best choice. For security controls, gap analysis involves comparing the present state of controls with a desired state of controls. At a minimum, common baseline security controls should be in place. Any gaps to various types of controls should be clearly documented, for example "Information security responsibilities", which:
a. Defines the program to provide initial and ongoing security education across the organization.
b. Reduces risk from known vulnerabilities being exploited.
c. Defines how staff will execute...
If an organization is going to have a chance at a successful security program, it needs to develop policies that provide direction for all security efforts and guide the conduct of its users. These policies need to be well written to provide the organization with solid guidance to support its security objectives. Identify and briefly describe the three types of security policies. Your response should include a discussion of where each should be used. Where should policy writers look to...
What is an Information Security Program (ISP) and how is an ISP used in organizations, companies and federal agencies?
What do you feel are the top 3 security issues of management information systems and how could organizations counter these issues?
Please choose 5 questions from 20 and answer them.
1. How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it?
2. Where can a security administrator find information on established security frameworks?
3. What is the ISO 27000 series of standards? Which individual standards make up the series?
4. What are the issues associated with adopting a formal framework or model?
5....
How do I calculate? The following information is available for Lock-Tite Company, which produces special-order security products and uses a job order costing system. April 30 May 31 $ $46,500 10,900 66,500 59,000 22,700 42,600 Inventories Raw materials Work in process Finished goods Activities and information for May Raw materials purchases (paid with cash) Factory payroll (paid with cash) Factory overhead Indirect materials Indirect labor Other overhead costs Sales (received in cash) Predetermined overhead rate based on direct labor cost...
How do I calculate? The following information is available for Lock-Tite Company, which produces special-order security products and uses a job order costing system. April 30 May 31 $ $32,000 9,300 66,000 37,000 19,200 33,100 Inventories Raw materials Work in process Finished goods Activities and information for May Raw materials purchases (paid with cash) Factory payroll (paid with cash) Factory overhead Indirect materials Indirect labor Other overhead costs Sales (received in cash) Predetermined overhead rate based on direct labor...