Resources: http://csrc.nist.gov/publications/PubsSPs.html
NIST publishes Special Publications (SP) to help government agencies and private companies develop and support security programs. The SP 800 subseries deal specifically with Computer Security. SPs are considered guidelines for non-government entities whereas NIST Federal Information Processing Standards (FIPS) documents and the SPs are required standards for government agencies.
Your task is to prepare a 1- to 2-page table in Microsoft® Word or Microsoft® Excel® table.
Table column headings:
SP number
SP Name
SP purpose (outline how a CISO would use the NIST publications to develop security policies.)
Table Row headings:
SP 800-30
SP 800-34
SP 800-3
SP 800-39
SP 800-53
Part 2:
You work for a healthcare company that qualifies as a “Covered Entity” under HIPAA and consequently must comply with the standards of the HIPAA Security Rule. Your company recently hired a CISO and you are on the management team tasked to review with the CISO the federal requirements that your risk management process be NIST-based. Outline to her the components and outcomes of your company’s NIST-based program.
Write a 1- to 2-page informal comparison in Microsoft® Word outlining the overarching components and outcomes of your NIST-based structure compared to a structure operating in the global marketplace. Logically explain how NIST compliance influences information security governance and assists in formulating the organization’s desired outcomes.