Helping managers get a handle on IT security

March 02, 2007

Two new publications issued by the National Institute of Standards and Technology (NIST) will help senior executives, auditors and others in federal agencies better understand how to manage, support, and evaluate their information security programs.

Information Security Guide for Government Executives (NISTIR 7359) was developed specifically to help senior managers better understand how to oversee and support information security programs. According to the 14-page document, "senior management's commitment to information security initiatives is the single most critical element that impacts an information security program's success." The guide answers five key questions about information security for senior managers:

Program Review for Information Security Management Assistance (PRISMA) (NISTIR 7358) explains a standardized approach that organizations can use to review and measure the maturity of an information security program in nine areas. Eight of the areas focus on management and operation of the information security program and evaluate the agency's ability to comply with existing requirements. They include: information security management and culture; information security planning; security awareness, training, and education; budget and resources; life cycle management; certification and accreditation; critical infrastructure protection; and incident and emergency response. The ninth area, security controls, reviews the technical aspects of the overall information security program.

Both publications are available at

National Institute of Standards and Technology (NIST)
