By Wade-Hahn Chan
June 8, 2006
The National Institute of Standards and Technology has released a
draft of its Information Security Handbook. The handbook provides an
overview of information security measures to give managers a better
understanding of how to implement an information security program.
According to NIST's computer security resource center, the purpose of
the handbook is to inform the information security management team
about expected implementation and oversight of various aspects of
information security in their organizations. The publication includes
summaries of existing NIST publications and standards.
The 124-page document includes a section on designing, implementing
and overseeing a program for awareness and training for information
security standards. Other topics include summaries of the
responsibilities of agency heads, developing a life cycle for systems
development and detailing specific performance metrics for systems
evaluation. There is an extensive Frequently Asked Questions section
toward the end of the publication.
NIST is requesting that comments on the handbook be sent to
firstname.lastname@example.org. NIST will be accepting comments until August 7.