ipl-logo

NIST Special Presentation

1104 Words5 Pages
bulb-icon

Recommended: Principles of confidentiality

NIST SPECIAL PUBLICATIONS
Abdul Nayyer Mohammad Stephen Hyzny (Instructor) DATE: 3/6/2016 GOVERNORS STATE UNIVERSITY

Introduction NIST is a series of publications developed as a consequence of thorough exploration into workable for upgrading the security of information technology frameworks and systems in a proactive way. NIST is nothing but a catalog of controls which is being used in getting compliance …show more content…

It is mainly a part of special publication 800 series which gives the information about research and outreach initiatives in the information security system and also the about the actions with industry and government organizations. This NIST special publication is mainly divided into security controls like common, custom and hybrid categories. The category under the hybrid control is a standard control and is used to customize the requirements for a particular application. The category under the Custom control is used by an individual application. There are some other controls which comes under this NIST are Access Control, Configuration Management, Incident Response, Maintenance etc. The Access Control deals with the setting which are used for the information stored on the systems and also it is used to understand the session timeout settings for the developers. The Configuration management deals with the establishment and to identify the software installations. The Incident Response deals with the auditable setting to support the responses. The management deals with the controls on how to maintain the audit records and repairs on information …show more content…

This publication mainly focuses on the organizations and system owners to make sanitization decisions depending upon the types of confidentiality of their information. The key element of this publication is assuring the confidentiality. It also states that the types of media that are used to capture and transfer the information must be determined at the phase of the requirements for a particular system.

This NIST is the process that renders that access to target data for a given level of effort and the organizations must focus on the information that has been stored on the media, rather than to focus on the media itself. The controls that are responsible for safeguarding in the organizations they must use secure media. There are three types of sanitization one is Clear the second one is Purge and the third one is Destroy. The First one Clear deal with the techniques that are used to sanitize the data in all user address storage locations in order to protect against noninvasive recovery techniques and this is done with Read and Write commands on the storage device. The second one Purge deals with the techniques that target data recovery using state of the art lab techniques. The third one Destroy deals with the target information recovery infeasible and results not to use media for storage

Show More
Related

Nt1310 Unit 5 Essay

491 Words | 2 Pages

Exercises #3: There are many classification methods that can be used with IDPS’s systems. The main point of this system is to detect hostile actions. The first classification is based on the place where ID systems can be placed and the second one is based on analysis of the technique used. These ID systems can be classified into three main groups starting with Host Based Intrusion Detection System (HIPS), then Network Behavior Analysis (NBA), Network Based Intrusion Detection System (NIPS), and Wireless Intrusion Prevention System (WIPS). The WIPS it analysis the traffic of wireless network, NBA examines traffic to identify threats that generate unusual traffic flow, HIPS monitor single host for suspicious activity, NIPS it analyzes the traffic of entire network.

Read More

Nt1310 Unit 5 Security Testing Plan

149 Words | 1 Pages

The security controls, policies, procedures, and guidelines were tested using the security testing plan that was evaluated by a security team to correct and report flaws in the system design. The only major flaw doesn’t relate to the network or the physical system itself, but instead policies and procedures seem to be at the highest risk. Policies and procedures explain that the chain of custody during media transportation and disposal should be logged and tracked impeccably. I believe putting stronger controls in place for the transportation of media would lower the risk of exposed confidentiality tremendously. I believe each device used to transport should be trackable at any given time, rather than just by logs.

Read More

Nt1310 Unit 3 Pest Analysis

131 Words | 1 Pages

1. Policies governing the network insecurities which include Email and communications policy, Remote Access Policy, BYOD Policy and Encryption policy 2. User accounts management through training and assigning of user roles depending on their access levels to information in the organization. 3. Setting up workstations and assigning every user a workstation.

Read More

Nt1110 Unit 3

1424 Words | 6 Pages

Having security basically means that the data is safe from unauthorised or unexpected access, modification or deletion of files. Due to the vast majority of files being stored on a form of electronic device in the modern world, it is the job of the company, in this case Tesda, to ensure that access is limited to certain individuals and that they pose no threat to the company. Although there are many ways of accessing this information illegally, Tesda should concentrate on protecting against the most common types like viruses and system failure etc. Ensuring that there is a backup server is essential as this information is what keeps the business running and losing it will have a massive impact on them. Within Tesda, it will be the role of the management to assess who should and shouldn’t be granted access to particular bits of information and whether or not they will have it as read only or being able to edit the document.

Read More

Nt1310 Unit 1 Paper

512 Words | 3 Pages

Section 7 shows the limitations of the paper. At long last, Section 8 closes the paper and in addition depicting its impediments. 2. Related work Many types of survey and review researches have been done in the field of intrusion detection on the network, wireless sensor networks (WSN), cloud computing, and other areas.

Read More

Hcr 220 Week 3 Term Paper

449 Words | 2 Pages

Procedures and policies required to address this are: • Access control using unique user Identification protocols, emergency access, procedures, timed auto logoff, and encryption and decryption mechanisms. • Auditing system that ensures that the IT system with the PHI is being recorded and examined. • Having an IT system that is dependable and protects PHI from alteration and being destroyed. • Making sure that the person accessing the PHI has the proper proof to identify who they are and are authorized to access.

Read More

Data Room Risk Assessment Paper

891 Words | 4 Pages

An example would be prox card entry with security pin to unlock the doors. Along with electronic security access into the data room, a security staff will need to be formed that will be responsible for monitoring the data room and manage assigning access into the data room. Internal Server and Desktop Security Policies A risk assessment will need to be conducted in order to identify all locations where sensitive and classified information is

Read More

Similarities Between Booker T. Washington And W. E. B. Dubois

509 Words | 3 Pages

Strong civil rights activist Booker T Washington and W.E.B Dubois. Both helped us get our freedom, but what was their strategy? Both men had their story. Although Washington and Dubois had different views on how African Americans could get their equal rights, both of them where civil rights leaders that helped everyone. With their encouragement African Americans received their freedom.

Read More

VA Information Security Essay

1572 Words | 7 Pages

Introduction “VA’s mission is to promote the health, welfare, and dignity of all veterans in recognition of their service to the nation by ensuring that they receive medical care, benefits, social support, and memorials.” (Information Security: Veterans Affairs Needs to Resolve Long-Standing Weaknesses, 2010, p.1) The VA information system security program (ISSP) aims to protect the confidentiality, integrity and availability (CIA) of the VA’s information systems and business process. This program provides information of plans, policies and procedures to protect the VA’s system user’s privacy data. Also according to the Department of Veterans Affairs: Information Security Program (2007) this program provides a detailed list of the security

Read More

MSN Role Development

1019 Words | 5 Pages

Reporting analysis to those interested and providing market and vendor analysis will also be addressed. Information Security and Privacy in Healthcare Environments (IS555) This course deals with physical and technical secure storage of information, processing, and retrieving the information, and the distinct regulations to the healthcare

Read More

Health Information Varying Compliance Paper

759 Words | 4 Pages

Regulatory requirements, security and privacy laws and monitoring compliance are all essential when it comes to risk planning. In this paper I will discuss the importance of these compliances. I will then explain the major regulatory requirements that a direct effect on IT in healthcare, Also how security and privacy laws affect the design and operation of the outsourced IT function. As well as, the role of IT in monitoring compliance with the organization's risk management policies and plans when outsourcing the identified IT function. It is said that “In an organization compliance training should be implemented it “helps in understanding the legal boundaries within which an organization operates.

Read More

Framework V1 Executive Summary

518 Words | 3 Pages

Page Reference Changes made to Framework V1.1 pp. 5-6 The ‘Executive Summary’ was modified to more clearly present the Framework, the development process, and next steps. (Technology, 2017) p. 7 Section 1.0 ‘Framework Introduction’ was updated to reflect security implications of a broadening use of technology (e.g. ICS/CPS/IoT) and to more clearly define Framework uses.

Read More

Cloud Policy Statement

937 Words | 4 Pages

Therefore, reputable anti-virus software must be installed with current virus definitions to tackle the malicious viruses. Secure Data Storage Since all staff members are sharing sensitive consulting data of clients on the cloud. IT security will still back up its client data to ensure in the event of disaster data is not lost. Prohibited Practices General Activities Staff members will avoid the following activities:  Staff members will not be allowed to use copyrighted materials in the

Read More

Political Factors Affecting Ulta Beauty

913 Words | 4 Pages

For operational purposes, the company collects and stores confidential information about their customers, employees, suppliers, and vendors. For purposes of their rewards program, the company collects sensitive and confidential consumer information. Although security measures and information technology systems have been put in place to ensure secure transmission and storage of confidential information, security breaches, computer viruses, or even human error can occur. Any of these events could cause data to be lost or stolen, as well as disclosed and used with malicious intent. Such occurrence could lead to litigation, fines, increased security costs, and damage to

Read More

COBIT V4.1 Framework

993 Words | 4 Pages

Process Controls (PC) each COBIT process has genetic control requirements that are identified by PCn for process control number. They should be considered together with the process control objectives to have a complete view of control requirements. 6. Application Controls(AC) COBIT assumes the design and implementation of automated application controls to be responsibility of IT, which is covered in the Acquire and Implement domain based on business requirements defined using COBIT’s information criteria. The COBIT IT processes cover general IT controls, but only the development aspects of application controls.

Read More

More about NIST Special Presentation

Related Topics

Open Document