Cyber Security Guidelines Finally Updated





SecurityProNews

March 01, 2012

Top Security News

RSA Conference 2012 To Name Most Innovative...
The RSA Conference, held in San Francisco this year, is only a few days away. Over the course of the five-day conference, attendees will be able to take part in Peer2Peer sessions, SANS Tutorials, or, of...


Despite Recent Threats American Infrastructure...
When most people think of cyber crime and cyber terrorism, they think of credit card information being stolen, identities being compromised, and, most recently, massive DDoS attacks by organizations...


Pwn2Own Contest Puts Bounty On Browser...
Dog the Bounty Hunter, known for his shirtless leather vest approach to dressing and his less than tactful approach to apprehending bail jumpers, may not be ready for the next round of bounties coming...

NIST Releases Updates To Security Guidelines

By: Trevor Boland

With tech mobility and the cloud posing a growing threat to information-centric businesses, NIST has finally updated the federal guidelines on cyber security. NIST, or the National Institute of Standards and Technology, released its first draft on February 28th, three years after the last update in 2009.

Among the changes is a cloud-first policy, making cloud technology a priority for IT projects. In addition, the guidelines acknowledge a bring-your-own-device policy, allowing employees to use the mobile device of their choosing at work. Ron Ross, FISMA Implementation Project Leader, stated,


"The changes we propose in Revision 4 are directly linked to the current state of the threat space--the capabilities, intentions and targeting activities of adversaries--and analysis of attack data over time."

In addition, the revision includes a modification to its guidance on security assurance, Appendix E. The appendix explains how organizations can "establish measures of confidence that the security controls put in place are providing the necessary security capability to protect critical missions and business operations."

In the end, I think Ross sums it up best, "Having security functionality in your information systems without the appropriate assurance is like skydiving without a backup parachute--you don't need it until you need it. And without it, the outcome is very predictable." You can see the full revisions here.

About the Author:
Trevor is a staff writer for the iEntry Network.
SecurityProNews is part of the iEntry Inc. Network of sites and newsletters.
