Title :
Managing Enterprise Security Risk with NIST Standards
Author_Institution :
National Institute of Standards and Technology
Abstract :
Federal agencies and private-sector organizations are increasingly concerned with the risks that today's sophisticated cyberthreats pose to critical enterprise missions and business functions. The Federal Information Security Management Act (FISMA) established sweeping information security (IS) requirements for the federal government and contractors, and it made the National Institute of Standards and Technology (NIST) responsible for developing IS standards and guidelines to allow for compliance. NIST faced the challenging task of establishing mandatory minimum IS standards and guidelines for the federal government and supporting contractors, while ensuring flexible implementation based on diverse missions and business functions.
Keywords :
business continuity; government data processing; legislation; risk management; security of data; standards; Federal Information Security Management Act; IS requirements; NIST standards; National Institute of Standards and Technology; contractors; cyberthreats; enterprise security risk management; federal agencies; federal government; private-sector organizations; Computer security; Control systems; Guidelines; Information security; Information systems; NIST; National security; Protection; Risk management; Strategic planning; FISMA; NIST Standards; security;
DOI :
10.1109/MC.2007.284