Technology Sectors

Market Sectors

<div style="text-align:center"> <p>"Mass Notification Profiles"</p> <p>Ideas and strategies<br><br /> from leading vendors</p> <p>Prepared exclusively<br><br /> for GSN Magazine<br><br /> by:</p> <p><a href="">LRAD Corporation</a></p> <p><a href="">Desktop Alert</a></p> <p>Available in Print or Online</p> </div>

NIST guide aims to set foundation for cyber risk assessment for infrastructure, law enforcement


The National Institute of Standards and Technology (NIST) released its final version of cyber risk assessment guidelines aimed at critical infrastructure entities, law enforcement and the military with information they need to secure their organization's information security and information technology infrastructures.

NIST intends the new risk assessment guidance released on Sept. 17 for leaders and executives at a variety of organizations, large and small, including financial institutions, health care providers, software developers, manufacturing companies, military planners and operators, and law enforcement groups.

The newest publication, the Guide for Conducting Risk Assessments, said NIST, completes the original series of five key computer security documents envisioned by the Joint Task Force -- a partnership of NIST, the Department of Defense, the Office of the Director of National Intelligence and the Committee on National Security Systems -- to create a unified information security framework for the federal government.

"Risk assessments are an important tool for managers," explains Ron Ross, NIST fellow and one of the authors of the newest guidance. "With the increasing breadth and depth of Cyber attacks on federal information systems and the U.S. critical infrastructure, risk assessments provide important information to guide and inform the selection of appropriate defensive measures so organizations can respond effectively to cyber-related risks."

Information technology risks include danger to the organization's operations (including, for example, missions and reputation), its critical assets such as data and physical property, and individuals who are part of or served by the organization, said the agency. In some cases, these risks extend to the nation as a whole, it said.

The newest release is a follow-up to a March 2011 NIST security release Managing Information Security Risk: Organization, Missions and Information System View (NIST Special Publication 800-39), that describes processes for managing information security risk for federal agencies and contractors. That process includes framing risk, assessing risk, responding to risk and monitoring risk over time, it said.

The Guide for Conducting Risk Assessments, focuses exclusively on risk assessment, which NIST said is the second step in the information security risk management process. The new guidance covers the four elements of a classic risk assessment: threats, vulnerabilities, impact to missions and business operations, and the likelihood of threat exploitation of vulnerabilities in information systems and their physical environment to cause harm or adverse consequences, it said.

"As the size and complexity of our collective IT infrastructure grows, we cannot protect everything we own or manage to the highest degree," says Ross. "Risk assessments show us where we are most at risk. It provides a way to decide where managers should focus their attention."


Recent Videos

IntraLogic's official release of the "One Button" Lockdown system on CBS 2 News.
HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...