Wow, someone reads NIST draft guidance. ;) I would be interested in perspectives on this document if anyone takes the time to read the draft.
Disclaimer: I work at NIST but not in the Division that produced this document.

Carolyn

On Wed, May 14, 2014 at 11:49 PM, Ray Frush <[email protected]> wrote:

> Diverging from the current thread of conversation, I saw this linked in my news stream, and thought it a worthy topic to share with this group. To be honest, I'm still trying to read this, but a quick scan gave me the impression of its general applicability to System Administrators and the systems we manage.
>
> A quote from the paper:
>
> Such activities are performed consistently at every stage of the system life cycle, including the concept stage, development stage, production stage, utilization/support stages, and retirement—thus enabling delivery of trustworthy, resilient systems that satisfy stakeholder requirements and enforce the organizational security policies within the constraints and risk tolerance defined by the stakeholders.
>
> How many of you have $WORK that has the luxury of considering all the aspects of security that this document suggests? My guess is that many publicly traded companies have widely differing concepts of "risk tolerance"...
>
> http://csrc.nist.gov/publications/PubsDrafts.html#800-160
>
> "NIST requests comments on the initial public draft of Special Publication (SP) 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. The new security guidelines recommend steps to help develop a more defensible and survivable information technology (IT) infrastructure—including the component products, systems, and services that compose the infrastructure. A formal announcement of the publication is planned on May 13, 2014 at the College of Science and Engineering, Technology Leadership Institute, University of Minnesota. The public comment period runs from May 13 through July 11, 2014."
>
> --
> Ray Frush
> Time files like an arrow...
> ...but fruit flies like a banana
>
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
