Florida Information Technology Resource Security Policies and


[Figure: NIST Risk Management Framework, Steps 4 and 6 highlighted. Step 1: CATEGORIZE; Step 2: SELECT; Step 3: IMPLEMENT; Step 4: ASSESS; Step 5: AUTHORIZE; Step 6: MONITOR.]

February 17, 2015

Speaker: Ed Wilson

The Florida Information Technology Resource Security Policies and Standards identified in 71A-1.001-.010, F.A.C. document a framework of NIST information security best practices for state agencies, in order to safeguard the confidentiality, integrity, and availability of Florida government data and information technology resources.

It defines minimum standards to be used by state agencies to categorize information and information technology resources based on the objectives of providing appropriate levels of information security according to risk levels.

It defines minimum management, operational and technical security controls to be used by state agencies to secure information and information technology resources.

State agencies shall use these standards as the minimum security requirements for information and information technology resources.

The process to comply with the Florida Information Technology Resource Security Policies and Standards for LOW, MODERATE, and HIGH level system security is documented in the NIST Risk Management Framework (RMF): http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf

All business processes operate with some level of risk, and one of the most effective ways to protect these business processes is through the implementation of effective internal security controls, risk evaluation, and risk management. An effective approach is to use the six steps of the NIST SP800-37 Risk Management Framework: Categorize, Select, Implement, Assess, Authorize, and Monitor.

An important component of the RMF is STEP 4: ASSESS.

During this step, the assessor evaluates the planned or implemented security controls, using appropriate procedures identified in SP800-53A, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. An assessment procedure consists of a set of assessment objectives, each with an associated set of potential assessment methods and assessment objects. An assessment objective includes a set of determination statements related to the particular security control under assessment. The determination statements are linked to the content of the security control to ensure traceability of assessment results back to the fundamental control requirements. The application of an assessment procedure to a security control produces assessment findings. These findings are used to help determine the overall effectiveness of the security control.

The other component covered in this session is STEP 6: MONITOR, which is maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

To help with implementation and auditing, the ISACA Tallahassee Chapter will present a Brown Bag session on February 17, 2015 that will provide an overview of Step 4 and Step 6, with a brief overview of STEP 5: AUTHORIZE.
