For the security of any system to be strong, the system's owners must consider three fundamental security areas: management controls, operational controls, and technical controls. While technical controls, such as encryption, digital signatures, or firewalls, receive the most attention, inadequate operational controls and the day-to-day administration of technical controls often create the most vulnerabilities. Strong management controls are needed to tie all the aspects of security together into a sensible protection strategy. NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, helps organizations to improve their operational and management controls. This CSL Bulletin explains some of the needs which GSSPs can solve and presents a set of generally accepted system security principles developed by NIST.
For the security of any system to be strong, the system's owners must consider three fundamental security areas: management controls, operational controls, and technical controls. While technical controls, such as encryption, digital signatures, or firewalls, receive the most attention, inadequate...
See full abstract
For the security of any system to be strong, the system's owners must consider three fundamental security areas: management controls, operational controls, and technical controls. While technical controls, such as encryption, digital signatures, or firewalls, receive the most attention, inadequate operational controls and the day-to-day administration of technical controls often create the most vulnerabilities. Strong management controls are needed to tie all the aspects of security together into a sensible protection strategy. NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, helps organizations to improve their operational and management controls. This CSL Bulletin explains some of the needs which GSSPs can solve and presents a set of generally accepted system security principles developed by NIST.
Hide full abstract