[ISN] NIST supplies IT security handbook to managers
isn at c4i.org
Fri Jun 9 12:43:55 EDT 2006
By Wade-Hahn Chan
June 8, 2006
The National Institute of Standards and Technology has released a
draft of its Information Security Handbook. The handbook provides an
overview of information security measures to give managers a better
understanding of how to implement an information security program.
According to NIST's computer security resource center, the purpose of
the handbook is to inform the information security management team
about expected implementation and oversight of various aspects of
information security in their organizations. The publication includes
summaries of existing NIST publications and standards.
The 124-page document includes a section on designing, implementing
and overseeing a program for awareness and training for information
security standards. Other topics include summaries of the
responsibilities of agency heads, developing a life cycle for systems
development and detailing specific performance metrics for systems
evaluation. There is an extensive Frequently Asked Questions section
toward the end of the publication.
NIST is requesting that comments on the handbook be sent to
handbk-100 at nist.gov. NIST will be accepting comments until August 7.
More information about the ISN