The National Institute of Standards and Technology is tackling computer security, promising an official three-tiered risk-management approach that spans the highest levels of management to the individual algorithms. Look for an increased emphasis on computer security as the number of malicious emails and web pages vies to surpass that of legitimate ones by 2012. R. Colin Johnson @NextGenLog
A three-tiered security risk management approach keeps managers abreast of information they need to make real-time risk-based decisions.
Here is what my story in Smarter Technology says about computer security: The National Institute of Standards and Technology is currently presenting two draft documents for organizationwide IT security risk management, aiming to provide the foundation for a tiered regime that provides the guidelines mandated by the Federal Information Security Management Act (FISMA). Aimed at upper-level management, but covering all levels of deployment, the documents seek to convey an understanding of the latest information security components by which chief information officers (CIOs), security specialists and system owners can secure mission-critical IT functions. The document, called the "Integrated Enterprise-Wide Risk Management: Organization, Mission, and Information System View" (Special Publication 800-39), is available for public comments and can be downloaded here...
Full Text: http://bit.ly/NextGenLog-hyCE