Posts Tagged ‘NIST 800-53’

Audit of security control and scoping

Information Technology Control and Audit
An audit is used as a tool to check that controls comply with standards such as ISO 27002 or NIST 800-53. Other terms, which do not always describe a rigorous audit, are also used for assessing controls: gap analysis, benchmarking and control review.
Scoping sets the boundaries of the audit, where [...]

Control selection and cost savings

Information Security Risk Analysis
In risk management, the risk treatment process begins after a comprehensive risk assessment has been completed.
Once risks have been assessed, the risk manager uses the following techniques to manage them:
• Avoidance (eliminate)
• Reduction (mitigate)
• Transfer (outsource or insure)
• Retention (accept and budget)
Now the question is how to select an appropriate control to avoid or [...]

Managing Risks and NIST 800-53

FISMA Certification & Accreditation Handbook
Organizations need to establish a security program to manage their day-to-day risks. Before selecting controls from standards such as NIST 800-53 or ISO 27002, an organization needs a complete inventory of the assets within the scope. Assets within the scope would require a comprehensive [...]
