WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

New NIST publication offers advice on integrating information security risk planning into mission-critical functions

The US National Institute of Standards and Technology (NIST) has published the final version of a special publication that can help organizations to more effectively integrate information security risk planning into their mission-critical functions and overall goals.

‘Managing Information Security Risk: Organization, Mission, and Information System View’ (NIST Special Publication 800-39) provides the groundwork for a three-tiered, risk-management approach that "fundamentally changes how we manage information security risk," according to Ron Ross, NIST Fellow and one of the principal authors of the publication.

For decades, organizations have managed risk at the information system level that resulted in a very narrow perspective that constrained risk-based decisions by senior management, Ross explains. SP 800-39 calls for a holistic approach in which senior leaders determine what needs to be protected based on the organization's core missions and business functions. For example, managers of a power plant tied to the distribution grid need to ensure that its computer security keeps hackers from interfering with the plant's power generation or getting into the power grid to wreak greater havoc.

The publication is the fourth in the series of risk management and information security guidelines being developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, Intelligence Community, NIST and the Committee on National Security Systems.

SP 800-39 can be downloaded from here (PDF).

•Date: 3rd March 2011 • Region: US/World •Type: Article •Topic: ISM news



How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here