Printer Friendly

NIST publishers Information Technology Security risk management guideline. (News Briefs).

In fulfillment of NIST's statutory responsibilities to advise Federal agencies on IT security, NIST recently published two new security guidance documents. NIST Special Publication 800-30. Risk Management Guide for Information Technology Systems provides an overview of the risk management process, describes how it fits into the system development life cycle, and defines the roles of various personnel who support and use this process. It also describes a risk assessment methodology, the steps in conducting an information technology risk assessment, and a risk mitigation process. Additionally, it outlines some factors that lead to a successful risk management program.

NIST Special Publication 800-33, Underlying Technical Models for Information Technology Security, provides a description of the technical foundations, termed "models," that underlie secure information technology. The document provides, in a concise form, the models that should be considered in the design and development of technical security capabilities. These models encompass lessons learned, good practices, and specific technical considerations. The documents are available at

CONTACT: Edward Roback, (301) 975-3696;
COPYRIGHT 2002 National Institute of Standards and Technology
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2002, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Journal of Research of the National Institute of Standards and Technology
Article Type:Brief Article
Geographic Code:1USA
Date:Mar 1, 2002
Previous Article:NIST's Cryptographic Module Validation Program achieves major milestones. (News Briefs).
Next Article:NIST measurements identify mechanisms that limit polymer processing. (News Briefs).

Related Articles
Author Guidelines for Electronic References.
Institutional Trading Technology focuses on information and trading systems.
Information Management Issues in Mergers and Acquisitions: A Manager's Briefing.
Note to Readers.
Message from the chief editor.
NIST offers online metrology resource for electronics manufacturers. (News Briefs).
NIST publishes 2001 Edition of SP 330. (News Briefs).
NIST updates health care community on IT security work.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters