Diverging from the current thread of conversation, I saw this linked in my news stream, and thought it a worthy topic to share with this group. To be honest, I'm still trying to read this, but a quick scan gave me the impression of its general applicability to System Administrators and the systems we manage.

A quote from the paper:

Such activities are performed consistently at every stage of the system life cycle, including the concept stage, development stage, production stage, utilization/support stages, and retirement—thus enabling delivery of trustworthy, resilient systems that satisfy stakeholder requirements and enforce the organizational security policies within the constraints and risk tolerance defined by the stakeholders.

How many of you have $WORK that has the luxury of considering all the aspects of security that this document suggests? My guess is that many publicly traded companies have widely differing concepts of "risk tolerance"...

http://csrc.nist.gov/publications/PubsDrafts.html#800-160

"NIST requests comments on the initial public draft of Special Publication (SP) 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. The new security guidelines recommend steps to help develop a more defensible and survivable information technology (IT) infrastructure—including the component products, systems, and services that compose the infrastructure. A formal announcement of the publication is planned on May 13, 2014 at the College of Science and Engineering, Technology Leadership Institute, University of Minnesota. The public comment period runs from May 13 through July 11, 2014."

--
Ray Frush
Time files like an arrow...
...but fruit flies like a banana
_______________________________________________
Discuss mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
