NIST's latest guidance adds controls that reflect the rapidly changing computing environment, but the fundamentals of implementing controls haven't changed, Senior Fellow Ross says in a video interview.
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.
"Managing risk with regard to information systems and security sometimes doesn't go to the highest levels and that's why the risk framework is a way to get senior leaders involved early in the process," NIST senior computer scientist Ron Ross says.
"Not having the technical expertise, you rely on the manufacturer to help you with something like this - to stay one step ahead of these problems." - Lilia Rojo, SCE Federal Credit Union
The Protecting Cyberspace as a National Asset Act also would replace paper-based FISMA compliance with continuous monitoring of technology systems and assaults by "friendly hackers" to test IT vulnerabilities.
The release of the FBI's Internet Crime Complaint Center (IC3) annual report continues to reveal some seriously troubling numbers if you're on the side of the good guys.
The $60 million settlement announced by Heartland Payment Systems and Visa on Friday didn't come without some provisions (translated: strings attached) for those institutions thinking about taking the settlement offer.