Tuesday, May 08, 2007

Guide to NIST security documents

Network World

Security Strategies




Network World's Security Strategies Newsletter, 05/08/07

By M. E. Kabay

One of the most valuable sources for downloading free, unbiased publications about security management is the Web site of the National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) Computer Security Division (CSD) Computer Security Resource Center (CSRC).

According to the description on their home page, the CSRC "develops computer security prototypes, tests, standards, and procedures to protect sensitive information from unauthorized access or modification. Focus areas include cryptographic technology and applications, advanced authentication, public-key infrastructure, internetworking security, criteria and assurance, and security management and support. These publications present the results of NIST studies, investigations, and research on information technology security issues."

A new resource especially useful for newcomers to this excellent collection is the "Guide to NIST Computer Security Documents" edited by Tanya Brewer and Matthew Scholl and dated February 2007 (but the PDF file shows that it was updated in April). The editors write:

"Currently, there are over 250 NIST information security documents. This number includes Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, Information Technology Laboratory (ITL) Bulletins, and NIST Interagency Reports (NISTIR). These documents are typically listed by publication type and number or by month and year in the case of the ITL Bulletins. This can make finding a document difficult if the number or date is not known. In order to make NIST information security documents more accessible, especially to those just entering the security field or with limited needs for the documents, we are presenting this Guide. In addition to being listed by type and number, this will present the documents using three approaches to ease searching:

* by Topic Cluster
* by Family
* by Legal Requirement."

They add, "The Guide will be updated on a bi-annual basis to include new documents, topic clusters, and legal requirements, as well as to update any shifts in document mapping that is appropriate."

Topic clusters include 23 classifications to help locate documents, starting with Annual Reports, Audit & Accountability and Authentication, and finishing with Smart Cards, Viruses & Malware and Historical Archives (out of alphabetical order for some reason). The "Families" classification starts with Access Control, Awareness & Training, Audit & Accountability and finishes with System & Information Integrity. The Legal Requirements classification includes FISMA (Federal Information Security Management Act of 2002), OMB Circular A-130 (Management of Federal Information Resources, Appendix III: Security of Federal Automated Information Resources), Health Insurance Portability and Accountability Act (HIPAA), and Homeland Security Presidential Directive-7 (HSPD-7) - Critical Infrastructure Identification, Prioritization, and Protection, among others.

The guide is particularly attractive in its layout and typography; we have Michael James of The DesignPond to thank for the colorful, tasteful color scheme and graphics.

My thanks to my friend and colleague Elizabeth Templeton, Administrative Director of the MSIA Program at Norwich University, for pointing out this valuable new resource.


Contact the author:

M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site.

Two valuable (ISC)2 seminars coming up in May and June: End-to-End-Digital Investigation on May 31 in Denver and INFOSEC Update June 4-5 in Marina del Rey.



Copyright Network World, Inc., 2007
