Managing Enterprise Risk in Today's World of Sophisticated Threats: A Framework for Developing Broad-based, Cost-effective Information Security Programs
Published
Author(s)
Ronald S. Ross
Abstract
The Federal Information Security Management Act of 2002 places significant requirements on federal agencies for the protection of information and information systems, including those systems comprising the critical infrastructure of the United States. The National Institute of Standards and Technology (NIST) is leading the development of key information security standards and guidelines as part of its FISMA Implementation Project. This high-priority project includes the development of security categorization standards (FIPS Publication 199), minimum security requirements standards (FIPS Publication 200), guidelines for the selection of minimum or baseline security controls for information systems (Special Publication 800-53), guidelines for assessing the effectiveness of security controls (Special Publication 800-53A), and guidelines for the security certification and accreditation of information systems (Special Publication 800-37). This paper covers some of the key provisions of the FISMA legislation, the publications developed by NIST in support of the legislation, and how the FISMA-related security standards and guidelines can be integrated into a comprehensive Risk Management Framework.
Conference Dates
November 27-December 1, 2006
Conference Location
Washington, DC
Conference Title
4th International Aviation Security Technology Symposium
Ross, R. (2006), Managing Enterprise Risk in Today's World of Sophisticated Threats: A Framework for Developing Broad-based, Cost-effective Information Security Programs, 4th International Aviation Security Technology Symposium, Washington, DC, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50946 (Accessed December 3, 2024)