Managing Enterprise Risk in Today's World of Sophisticated Threats: A Framework for Developing Broad-based, Cost-effective Information Security Programs

Published

Author(s)

Ronald S. Ross

Abstract

The Federal Information Security Management Act of 2002 places significant requirements on federal agencies for the protection of information and information systems including those systems comprising the critical infrastructure of the United States. The National Institute of Standards and Technology (NIST) is leading the development of key information security standards and guidelines as part of its FISMA Implementation Project. This high priority project includes the development of security categorization standards (FIPS Publication 199), minimum security requirements standards (FIPS Publication 200), guidelines for the selection of minimum or baseline security controls for information systems (Special Publication 800-53), guidelines for assessing the effectiveness of security controls (Special Publication 800-53A) and guidelines for the security certification and accreditation of information systems (Special Publication 800-37). This paper covers some of the key provisions of the FISMA legislation, the publications developed by NIST in support of the legislation, and how the FISMA-related security standards and guidelines can be integrated into a comprehensive Risk Management Framework.
Conference Dates
November 27-December 1, 2006
Conference Location
Washington, DC
Conference Title
4th International Aviation Security Technology Symposium

Keywords

accreditation, assurance requirements, common security controls, information technology, operational controls, organizational responsibilities, risk assessment, risk management, security controls, technical controls

Citation

Ross, R. (2006), Managing Enterprise Risk in Today's World of Sophisticated Threats: A Framework for Developing Broad-based, Cost-effective Information Security Programs, 4th International Aviation Security Technology Symposium, Washington, DC, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50946 (Accessed April 25, 2024)
Created December 28, 2006, Updated February 19, 2017