
A three-tiered security risk management approach keeps managers abreast of information they need to make real-time risk-based decisions.
Here is what my story in Smarter Technology says about computer security: The National Institute of Standards and Technology is currently presenting two draft documents for organizationwide IT security risk management, aiming to provide the foundation for a tiered regime that provides the guidelines mandated by the Federal Information Security Management Act (FISMA). Aimed at upper-level management, but covering all levels of deployment, the documents seek to convey an understanding of the latest information security components by which chief information officers (CIOs), security specialists and system owners can secure mission-critical IT functions. The document, called the "Integrated Enterprise-Wide Risk Management: Organization, Mission, and Information System View" (Special Publication 800-39), is available for public comments and can be downloaded here...
Full Text: http://bit.ly/NextGenLog-hyCE