NIST releases info security documents

The National Institute of Standards and Technology has published two new interagency reports designed to help auditors, inspectors general and senior management understand and evaluate information security programs., titled “Information Security Guide for Government Executives,” is an overview of IT security concepts that senior management should grasp. , titled “Program Review for Information Security Management Assistance (PRISMA),” lays out a standardized approach for measuring the maturity of an information security program.PRISMA is a methodology developed by NIST for reviewing complex requirements and posture of a federal information security program. It is intended for use by security personnel, as well as internal reviewers, auditors and IGs. Tools laid out in NISTIR 7358 should help identify program deficiencies, establish baselines, validate corrections and provide supporting information for Federal Information Security Management Act scorecards. It gives a maturity level in nine primary topic areas:PRISMA is based on the Software Software Engineering Institute’s former Capability Maturity Model and each topic area is rated in one of five levels of maturity, with the fifth level being the highest:NISTIR 7359 is addressed to senior management, because studies have shown that senior management’s commitment to information security is the most critical element in the success of an information security program. Executives are responsible for establishing the program and setting its goals, as well ensuring that resources are made available to fulfill them.The guide answers five basic questions about information security for the senior level manager: