NIST SECURITY MODELS
✓ This refers to “The National Security Telecommunications and Information Systems Security Committee” document. This document presents a comprehensive model for information security. The model consists of three dimensions.
✓ Another possible approach is described in the many documents available from the Computer Security Resource Center of the National Institute for Standards and Technology (csrc.nist.gov).
✓ The following NIST documents can assist in the design of a security framework:
– NIST SP 800-12: An Introduction to Computer Security: The NIST Handbook
– NIST SP 800-14: Generally Accepted Security Principles and Practices for Securing IT Systems
– NIST SP 800-18: The Guide for Developing Security Plans for IT Systems
– NIST SP 800-26: Security Self-Assessment Guide for IT Systems
– NIST SP 800-30: Risk Management for IT Systems
✓ NIST Special Publication SP 800-12
- SP 800-12 is an excellent reference and guide for the security manager or administrator in the routine management of information security.
- It provides little guidance, however, on the design and implementation of new security systems, and therefore should be used only as a valuable precursor to understanding an information security blueprint.
✓ NIST Special Publication SP 800-14
Generally Accepted Principles and Practices for Securing Information Technology Systems.
- Provides best practices and security principles that can direct the security team in the development of a security blueprint.
- The scope of NIST SP 800-14 is broad. It is important to consider each of the security principles it presents, and therefore the following sections examine some of the more significant points in more detail:
– Security Supports the Mission of the Organization
– Security is an Integral Element of Sound Management
– Security Should Be Cost-Effective
– Systems Owners Have Security Responsibilities Outside Their Own Organizations
– Security Responsibilities and Accountability Should Be Made Explicit
– Security Requires a Comprehensive and Integrated Approach
– Security Should Be Periodically Reassessed
– Security is Constrained by Societal Factors
– 33 Principles enumerated