In September, the National Institute of Standards and Technology (NIST) released a security self-assessment guide to help both governmental agencies and civilian commercial organizations with a standardized assessment tool to verify and validate their security implementations.
Recognizing that the security of operational and customer information, and of the systems that process that information, is a fundamental responsibility of IT management, organizations need to:
· Plan for security
· Ensure that the appropriate personnel are assigned specific security responsibilities
· Authorize system processing prior to operations and regularly thereafter
These management responsibilities presume that responsible officials understand the risks and other factors that could adversely affect their goals. Furthermore, e-commerce and other information systems managers must clearly understand the current status of their security programs and the controls already in place before they can make informed judgments and investments that mitigate risk to acceptable levels.
NIST is recommending self-assessment as one vehicle to measure information …