N.I.S.T. - by Software development company in India
iFour Consultancy: NIST
Mobile application company http://www.ifourtechnolab.com
NIST in brief

NIST is a non-regulatory agency of the United States Department of Commerce. NIST is headquartered in Gaithersburg, Maryland, and operates a facility in Boulder, Colorado. NIST's activities are organized into laboratory programs and extramural programs.

NIST's main projects include:
Measurements and standards
Handbook 44
Homeland security
WTC collapse investigation
Election technology
ISO for Software Outsourcing Companies in India
NIST 800-30 standard

Risk Management Guide for Information Technology Systems

Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. This guide provides a foundation for the development of an effective risk management program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. This guide also provides information on the selection of cost-effective security controls.

Note that this deck follows the original 2002 edition of SP 800-30. NIST superseded it in 2012 with SP 800-30 Revision 1, Guide for Conducting Risk Assessments, which covers assessment only; risk response (mitigation) now lives in SP 800-39.
Key roles of personnel supporting and participating in the risk management process:
Senior management
CIO
System and information owners
Business and functional managers
ISSO (Information System Security Officer)
IT security practitioners
Security awareness trainers
NIST 800-30 standard (continued)
NIST 800-30 standard (continued)

Risk assessment methodology (9 steps):
Step 1: System Characterization
Step 2: Threat Identification
Step 3: Vulnerability Identification
Step 4: Control Analysis
Step 5: Likelihood Determination
Step 6: Impact Analysis
Step 7: Risk Determination
Step 8: Control Recommendations
Step 9: Results Documentation
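Steps 5 to 7 as a worked example. This is an added illustration, not code from the deck or from NIST: it applies the risk-level matrix from SP 800-30 section 3.7.1 (likelihood High 1.0 / Medium 0.5 / Low 0.1, impact High 100 / Medium 50 / Low 10, product rated High above 50, Medium above 10, Low otherwise) to a constructed set of threat/vulnerability pairs and orders the result for the step 9 write-up. The asset names, ratings and the `ThreatVulnPair` / `assess` helpers are assumptions for illustration.

```python
"""Steps 5-7 of the SP 800-30 (2002) risk assessment methodology.

Added example; not code from the slide deck or from NIST. The numeric
scale is the Risk-Level Matrix from SP 800-30 section 3.7.1. The
threat/vulnerability pairs at the bottom are constructed sample input.
"""
from dataclasses import dataclass

LIKELIHOOD = {"High": 1.0, "Medium": 0.5, "Low": 0.1}   # step 5 ratings
IMPACT = {"High": 100, "Medium": 50, "Low": 10}         # step 6 ratings


@dataclass
class ThreatVulnPair:
    """One row of the assessment: a threat source acting on a vulnerability,
    plus the analyst's likelihood (step 5) and impact (step 6) ratings."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: str   # "High" | "Medium" | "Low"
    impact: str       # "High" | "Medium" | "Low"


def risk_score(likelihood: str, impact: str) -> float:
    """Step 7: risk = likelihood rating x impact rating (SP 800-30 Table 3-6).
    Rounded so that 0.1 * 100 compares as exactly 10 at the Low/Medium edge."""
    try:
        return round(LIKELIHOOD[likelihood] * IMPACT[impact], 2)
    except KeyError as exc:
        raise ValueError(f"rating must be High, Medium or Low, got {exc}") from None


def risk_level(score: float) -> str:
    """Map the numeric product onto the three-level risk scale."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def assess(pairs):
    """Run steps 5-7 for every pair and return rows ordered High -> Low,
    which is the order the results documentation (step 9) presents them in."""
    rows = []
    for p in pairs:
        score = risk_score(p.likelihood, p.impact)
        rows.append({**vars(p), "score": score, "level": risk_level(score)})
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


# Constructed sample input for a hypothetical system (not from the deck).
SAMPLE_PAIRS = [
    ThreatVulnPair("Customer web portal", "External attacker",
                   "Login form vulnerable to SQL injection", "High", "High"),
    ThreatVulnPair("HR file server", "Disgruntled employee",
                   "Terminated users' accounts not removed", "Medium", "High"),
    ThreatVulnPair("Build server", "Malware",
                   "Anti-malware signatures 30 days stale", "Medium", "Medium"),
    ThreatVulnPair("Office printer", "Curious visitor",
                   "Default admin password still set", "Low", "Low"),
]

if __name__ == "__main__":
    for r in assess(SAMPLE_PAIRS):
        print(f'{r["level"]:6} {r["score"]:5.1f}  {r["asset"]}: '
              f'{r["threat"]} / {r["vulnerability"]}')
```

A Medium likelihood against a High impact scores 50, which the matrix rates Medium, not High; the boundaries are strict, so keep the rounding if you change the scale values.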
NIST 800-30 standard (continued)

Risk Mitigation Options (SP 800-30 section 4.2):
Risk Assumption: accept the potential risk and continue operating the IT system, or implement controls to lower the risk to an acceptable level.
Risk Avoidance: avoid the risk by eliminating its cause and/or consequence, e.g., forgo certain functions of the system or shut the system down when risks are identified.
Risk Limitation: limit the risk by implementing controls that minimize the adverse impact of a threat exercising a vulnerability (supporting, preventive, or detective controls).
Risk Planning: manage risk by developing a risk mitigation plan that prioritizes, implements, and maintains controls.
Research and Acknowledgement: lower the risk of loss by acknowledging the vulnerability or flaw and researching controls to correct it.
Risk Transference: transfer the risk by using other options to compensate for the loss, such as purchasing insurance.
NIST 800-30 standard (continued)

Risk Mitigation Strategy
NIST 800-30 standard (continued)

Risk Mitigation Methodology:
Step 1: Prioritize Actions
Step 2: Evaluate Recommended Control Options
Step 3: Conduct Cost-Benefit Analysis
Step 4: Select Control
Step 5: Assign Responsibility
Step 6: Develop a Safeguard Implementation Plan
Step 7: Implement Selected Control(s)
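Steps 1 to 6 of the mitigation methodology as a selection routine. This is an added example, not code from the deck or from NIST. It takes risks already rated by the assessment, ranks them (step 1), filters candidate controls by the SP 800-30 cost-benefit test (a control that costs more than the loss reduction it provides is rejected; one that does not bring the risk down to the acceptable level is rejected too), picks the cheapest survivor (steps 2 to 4), records an owner (step 5) and emits the implementation plan (step 6). The risk items, controls, costs, loss estimates and the "acceptable level is Low" policy are constructed assumptions; a risk for which nothing qualifies is documented as risk assumption rather than dropped.

```python
"""Steps 1-6 of the SP 800-30 risk mitigation methodology as code.

Added example; not from the deck or from NIST. All risk items, candidate
controls, costs and residual-risk figures are constructed sample data, and
the acceptable risk level is an assumed organisational policy.
"""
from dataclasses import dataclass, field

RANK = {"High": 3, "Medium": 2, "Low": 1}


@dataclass
class Control:
    """A candidate safeguard from step 2 (evaluate recommended control options)."""
    name: str
    annual_cost: float      # acquisition plus yearly operating cost
    residual_level: str     # risk level expected once the control is in place
    residual_ale: float     # estimated annual loss that remains after the control
    owner: str              # step 5: person or team accountable for implementing it


@dataclass
class RiskItem:
    """A risk carried over from the assessment's results documentation."""
    ident: str
    description: str
    level: str              # High / Medium / Low from the risk determination step
    ale: float              # constructed annual loss expectancy if left unmitigated
    candidates: list = field(default_factory=list)


def prioritize(items):
    """Step 1: highest risk level first, larger expected loss breaking ties."""
    return sorted(items, key=lambda i: (RANK[i.level], i.ale), reverse=True)


def select_control(item, acceptable="Low"):
    """Steps 2-4: a control is eligible only if it lowers the risk to the
    acceptable level AND its cost does not exceed the loss reduction it buys
    (the SP 800-30 cost-benefit test). Among eligible controls pick the
    cheapest. Returns None when nothing qualifies."""
    eligible = []
    for c in item.candidates:
        reduces_enough = RANK[c.residual_level] <= RANK[acceptable]
        benefit = item.ale - c.residual_ale
        if reduces_enough and c.annual_cost <= benefit:
            eligible.append(c)
    if not eligible:
        return None
    return min(eligible, key=lambda c: c.annual_cost)


def build_plan(items, acceptable="Low"):
    """Steps 5-6: assign responsibility and lay out the safeguard implementation
    plan in priority order. Risks with no cost-effective control are recorded
    as risk assumption so the decision is documented, not silently dropped."""
    plan = []
    for item in prioritize(items):
        chosen = select_control(item, acceptable)
        plan.append({
            "risk": item.ident,
            "level": item.level,
            "decision": "Risk limitation" if chosen else "Risk assumption",
            "control": chosen.name if chosen else None,
            "owner": chosen.owner if chosen else "Risk owner (senior management sign-off)",
            "annual_cost": chosen.annual_cost if chosen else 0.0,
            "loss_avoided": (item.ale - chosen.residual_ale) if chosen else 0.0,
        })
    return plan


# Constructed sample data (hypothetical organisation, not from the deck).
SAMPLE_RISKS = [
    RiskItem("R3", "Office printer still uses the default admin password", "Low", 500.0, [
        Control("Enterprise print-management suite", 6000.0, "Low", 100.0, "IT operations"),
    ]),
    RiskItem("R1", "Customer portal login form vulnerable to SQL injection", "High", 250000.0, [
        Control("Parameterized queries and input validation", 20000.0, "Low", 10000.0, "Application team lead"),
        Control("Managed WAF subscription", 35000.0, "Medium", 60000.0, "Security operations"),
        Control("Full rewrite of the portal", 400000.0, "Low", 5000.0, "Application team lead"),
    ]),
    RiskItem("R2", "Terminated users' accounts not removed from the HR file server", "Medium", 40000.0, [
        Control("Quarterly manual access review", 3000.0, "Medium", 25000.0, "HR systems owner"),
        Control("Automated deprovisioning from HR feed", 8000.0, "Low", 5000.0, "Identity team"),
    ]),
]

if __name__ == "__main__":
    for row in build_plan(SAMPLE_RISKS):
        print(row)
```

With the sample data the full portal rewrite is rejected because it costs more than the loss it avoids, the WAF is rejected because it leaves the risk at Medium, and the printer risk ends up as a documented risk assumption because its only candidate costs twelve times the expected loss; relaxing `acceptable` to "Medium" makes the WAF eligible but the cheaper parameterized-query fix still wins.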
NIST 800-37 standard

Guide for Applying the Risk Management Framework to Federal Information Systems

The risk management framework has the following characteristics:
Integrates information security into the enterprise architecture and system development life cycle.
Links risk management processes at the information system level to risk management processes at the organization level through a risk executive (function).
Promotes the concept of near real-time risk management and ongoing information system authorization through the implementation of robust continuous monitoring processes.
Establishes responsibility and accountability for security controls deployed within organizational information systems and inherited by those systems (i.e., common controls).
NIST 800-37 standard (continued)

Tiered Risk Management Approach

Risk is addressed at three tiers: Tier 1, the organization (governance); Tier 2, mission and business processes (information and information flows); Tier 3, information systems (environment of operation). The RMF operates at Tier 3, informed by the risk decisions made at the two tiers above it.
NIST 800-37 standard (continued)

Risk Management Framework Life Cycle

The RMF steps in SP 800-37 Revision 1 are:
Categorize the information system
Select security controls
Implement security controls
Assess security controls
Authorize the information system
Monitor security controls

SP 800-37 Revision 2 (2018) adds a Prepare step ahead of Categorize.
References
https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
NIST SP 800-30, Risk Management Guide for Information Technology Systems
NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems