Viewpoint: FIPS concepts applicable beyond governments
This article is part of the February 2008 issue of Does security make the grade in Windows Server 2008?
Follow Government's Lead

Dave Shackleford ("Shine Those Skills," November 2007) states CISOs need to be more concerned with risk management, and not so much with technical details. I agree; however, I would like to point out that risk management is at the heart of the certification and accreditation process used by the government to control which systems are allowed into operation. The process is described by the DoD's "Information Assurance Certification and Accreditation Process Interim Guidance," and by FIPS 200: "Minimum Security Requirements for Federal Information and Information Systems" and NIST Special Publication 800-53, "Recommended Security Controls for Federal Information Systems," for other government agencies. In both cases, the processes include a number of steps to determine and mitigate the risks to the system, ending up with a determination that the risks have been adequately identified and can be mitigated (certification) and an acceptance of the residual risks by a responsible party (accreditation). Although these processes are aimed ...
What's Inside

Features
- Data Loss Prevention Tools Offer Insight into Where Data Lives
  DLP tools help mitigate incidents and aid with data discovery.
- Viewpoint: FIPS concepts applicable beyond governments
- KoolSpan's TrustChip secures cell phones, other mobile apps
  KoolSpan has incorporated its authentication/encryption technology into a Secure Digital (SD) card, which can be plugged into any compatible cell phone.
- Product review: Titus Labs' Message Classification
  DOCUMENT CLASSIFICATION
- Survey: Security Pros Identify Priorities for 2008
  Security professionals prioritize mobility and security, identity and access management, protecting data and intellectual property and vulnerability management.
- Examine Security Features and Tools of Microsoft Windows Server 2008
  Unwrap Windows Server 2008, the first server revision under Trustworthy Computing. Microsoft promises it is secure by design, default and deployment.
- Product review: BreakingPoint Systems' BPS-1000
  NETWORK DEVICE TESTING
- Product review: Application Security Inc.'s DbProtect
  DATABASE SECURITY & COMPLIANCE
- Webroot Antispyware Corporate Edition product review
  Protect against antispyware and antivirus with Webroot Antispyware Corporate Edition. In this product review get info on installation, cost, management and policy control.
- Security Services: Postini Message Discovery, Archive editions
  At Your Service

Columns
- March of the Trojans: The rising Trojan threat
  by Dennis Fisher
  Trojans such as Storm, the Nugache worm and a host of other botnets have compromised millions of PCs, most without the knowledge of the machine's owners.
- Governance: Security is tiny portion of IT budgets
  by Robert Westervelt, News Director
  A Burton Group survey says security budgets typically make up 2% of IT budgets.
- Interview with Troon Golf's Cary Westmark
  PING: Cary Westmark
- Layer8: Applying numbers to risk management
  Quality Counts, Not Quantity
- Key Security Initiatives Abound
  Editor's Desk: Everything Goes
- Perspectives: SSL No Security Blanket
  Encryption cannot patch the holes created by insecure software.