Security self-assessment guide for information technology system

Security self-assessment guide for information technology system by Marianne Swanson


Published by U.S. Department of Commerce, Computer Security Division, Information Technology, National Institute of Standards and Technology in Gaithersburg, MD.
Written in English

Subjects:

  • Computer security
  • Data protection
  • Information technology -- Security measures

Book details:

Edition Notes

Statement: Marianne Swanson.
Series: NIST special publication; 800-26, Computer security, NIST special publication.

Classifications

LC Classifications: QA76.9.A25 S918 2001

The Physical Object

Pagination: 1 v. (various paging)

ID Numbers

Open Library: OL3597664M
LC Control Number: 2002320193


Adequate security of information and the systems that process it is a fundamental management responsibility. Agency officials must understand the current status of their information security program and controls in order to make informed judgments and investments that appropriately mitigate risks to an acceptable level. Self-assessments provide a method for agency officials to determine the

This ITL Bulletin summarizes Special Publication (SP) , Security Self-Assessment Guide for Information Technology Systems.

This self-assessment guide utilizes an extensive questionnaire containing specific control objectives and techniques against which an unclassified system or group of interconnected systems can be tested and measured. The guide does not establish new security requirements. The control objectives and techniques are abstracted directly from long

Self-Assessment Handbook. For Assessing NIST SP systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organization Establish and enforce security configuration settings for information technology.

The National Institute of Standards and Technology control self-assessment methodology is based on customised questionnaires. It is an IT focused methodology suitable for assessing system based controls. It provides a cost-effective technique to determine the status of information security controls, identify any weaknesses and, where.

Security Self-Assessment Guide For IT Systems

1. Introduction

A self-assessment conducted on a system (major application or general support system) or multiple self-assessments conducted for a group of interconnected systems (internal or external to the agency) is one method used to measure information technology (IT) security assurance.

Computer Security Division. Information Technology Laboratory. National Institute of Standards and Technology. Gaithersburg, MD and outreach efforts in information system security, and its collaborative activities Special Publication Guide for Conducting Risk Assessments.

Information Technology Security Handbook

The Preparation of this book was fully funded by a grant from the infoDev Program of the World Bank Group. The topic of Information Technology (IT) security has been growing in importance in the last few years, and .

Security self-assessment guide for information technology systems. [Marianne Swanson; National Institute of Standards and Technology (U.S.)] -- Self-assessments provide a method for agency officials to determine the current status of their information security programs and, where necessary, establish a target for improvement.

Physical Security Systems Assessment Guide – December PSS-3 Appendix B (Access Control System Performance Tests) contains effectiveness tests on entry control and detection equipment. Appendix C (Communications Equipment Performance Tests) contains performance tests on radio equipment and duress alarms.

minimum standard for evaluating the security of Federal information systems. It includes an extensive questionnaire containing specific control objectives, elements, and techniques against which systems can be tested and measured.

1 NIST Special Publication , “Security Self-Assessment Guide for Information Technology Systems.

In addition, this guide provides information on the selection of cost-effective security controls.2 These controls can be used to mitigate risk for the better protection of mission-critical information and the IT systems that process, store, and carry this information.