Posts Tagged ‘Risk Management’
National Institute of Standards and Technology (NIST) – Security and Privacy Controls for Federal Information Systems and Organizations
Latest Daft – Comments on SP 800-53, Revision 4 should be sent by March 1, 2013, to sec-cert@nist.gov.
NIST -Security and Privacy Controls for Federal Information Systems and Organizations
“…Through the process of risk management, leaders must consider risk to US interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations… “
“…For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations…”
“…Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other domain…”
— THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF DEFENSE