N.I.S.T. - by Software development company in India

iFour Consultancy NIST



Mobile application company http://www.ifourtechnolab.com


NIST in brief

NIST is a non-regulatory agency of the United States Department of Commerce.

NIST is headquartered in Gaithersburg, Maryland, and operates a facility in Boulder, Colorado.

NIST's activities are organized into laboratory programs and extramural programs.

NIST mainly operates in the following projects:

Measurements and standards

Handbook 44

Homeland security

WTC collapse investigation

Election technology

ISO for Software Outsourcing Companies in India


NIST 800-30 standard

Risk Management Guide for Information Technology Systems

Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.

This guide provides a foundation for the development of an effective risk management program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems.

This guide also provides information on the selection of cost-effective security controls.


NIST 800-30 standard (continued)

Key roles of personnel supporting and participating in the risk management process:

Senior Management

CIO

System and information owners

Business and functional managers

ISSO

IT security practitioners

Security awareness trainers


NIST 800-30 standard (continued)

Risk assessment methodology: 9 steps

Step 1: System Characterization

Step 2: Threat Identification

Step 3: Vulnerability Identification

Step 4: Control Analysis

Step 5: Likelihood Determination

Step 6: Impact Analysis

Step 7: Risk Determination

Step 8: Control Recommendations

Step 9: Results Documentation


NIST 800-30 standard (continued)

Risk Mitigation Options

Risk Assumption

Risk Avoidance

Risk Limitation

Risk Planning

Research and Acknowledgement

Risk Transference


NIST 800-30 standard (continued)

Risk Mitigation Strategy


NIST 800-30 standard (continued)

Risk Mitigation Methodology

Step 1: Prioritize Actions

Step 2: Evaluate Recommended Control Options

Step 3: Conduct Cost-Benefit Analysis

Step 4: Select Control

Step 5: Assign Responsibility

Step 6: Develop a Safeguard Implementation Plan

Step 7: Implement Selected Control(s)
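Steps 5 to 7 of the risk assessment methodology (likelihood determination, impact analysis, risk determination) produce the risk level that Step 1 of the mitigation methodology (prioritize actions) sorts on. The following is an added example, not taken from the slides, that carries a constructed set of findings through those steps using the likelihood weights, impact magnitudes and risk scale of the 2002 edition of SP 800-30; the Finding class and the sample findings are assumptions made for illustration.

```python
from dataclasses import dataclass

# Weights from the SP 800-30 (2002) risk-level matrix, Table 3-6:
# threat likelihood High/Medium/Low = 1.0/0.5/0.1, impact High/Medium/Low = 100/50/10.
LIKELIHOOD = {"High": 1.0, "Medium": 0.5, "Low": 0.1}
IMPACT = {"High": 100, "Medium": 50, "Low": 10}


@dataclass(frozen=True)
class Finding:
    """One threat/vulnerability pair produced by Steps 1-3 of the assessment (assumed structure)."""
    system: str         # Step 1: system characterization
    threat: str         # Step 2: threat identification
    vulnerability: str  # Step 3: vulnerability identification
    likelihood: str     # Step 5: likelihood rating, after Step 4 control analysis
    impact: str         # Step 6: impact rating


def risk_score(likelihood: str, impact: str) -> float:
    """Step 7: risk = likelihood weight x impact magnitude, on a 1-100 scale."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def risk_level(score: float) -> str:
    """SP 800-30 risk scale: High (>50 to 100), Medium (>10 to 50), Low (1 to 10)."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def prioritize(findings: list[Finding]) -> list[tuple[str, float, Finding]]:
    """Mitigation Step 1 (Prioritize Actions): highest risk score first."""
    rows = []
    for f in findings:
        score = risk_score(f.likelihood, f.impact)
        rows.append((risk_level(score), score, f))
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample findings, not taken from the slides or from any real assessment.
SAMPLE = [
    Finding("payroll-db", "external attacker", "unpatched DB listener", "High", "High"),
    Finding("intranet-wiki", "insider", "weak password policy", "Medium", "Medium"),
    Finding("print-server", "malware", "outdated agent", "Low", "Low"),
    Finding("payroll-db", "disgruntled admin", "no backup verification", "Medium", "High"),
]

if __name__ == "__main__":
    for level, score, f in prioritize(SAMPLE):
        print(f"{level:<6} {score:>5.0f}  {f.system}: {f.threat} via {f.vulnerability}")
```

Note that a Medium likelihood against a High impact scores 50 and stays Medium on the scale, while the same matrix puts a High likelihood against a Low impact (score 10) at Low, which is why the sorted score, not the label alone, drives the priority order.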


NIST 800-37 standard

Guide for Applying the Risk Management Framework to Federal Information Systems

The Risk Management Framework has the following characteristics:

Integrates information security into the enterprise architecture and system development life cycle.

Links risk management processes at the information system level to risk management processes at the organization level through a risk executive (function).

Promotes the concept of near real-time risk management and ongoing information system authorization through the implementation of robust continuous monitoring processes.

Establishes responsibility and accountability for security controls deployed within organizational information systems and inherited by those systems (i.e., common controls).


NIST 800-37 standard (continued)

Tiered Risk Management Approach


NIST 800-37 standard (continued)

Risk Management Framework Life Cycle


References

https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology

NIST 800-30 Standard

NIST 800-37 Standard
