NIST's latest guidance adds controls that reflect the rapidly changing computing environment, but the fundamentals of implementing controls haven't changed, Senior Fellow Ross says in a video interview.
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.
"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
The Protecting Cyberspace as a National Asset Act also would replace paper-based FISMA compliance with continuous monitoring of technology systems and assaults by "friendly hackers" to test IT vulnerabilities.
Congress should consider enacting legislation allowing the government to regulate how the private sector handles and stores data to battle the growing problem of data breaches, Rep. Yvette Clarke says.
Most organizations spend 30-50% more on compliance than they should 1. No matter the industry, with regulations such as GLBA, PCI, FISMA, SOX, and other regulations and mandates, it seems nobody is immune to scrutiny - but why spend so much more than what is necessary? In order to reduce the burden of an IT audit,...
The Interagency Guidelines Establishing Information Security Standards as per Gramm-Leach-Bliley Act (GLBA) of 2001 require each bank to have a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the bank and the...
This publication is not from one of the Federal or State Banking Agencies, but given our extremely diverse audience, this will be of interest to organizations and individuals responsible for developing and maintaining security plans and programs.
The objective of system security planning is to improve protection of...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.