It’s nice to see NIST offer some official guidance on this aspect of security: building security in rather than tacking it on at the end. Don’t expect anything new, as organizations have been doing this for the past decade or so. Those select few are but a tiny percentage, however, and hopefully NIST’s formalized recommendation will drive such a development process into the mainstream for all organizations. Comments on the draft are due July 11th.
The National Institute of Standards and Technology is developing new cybersecurity standards based on the same principles engineers use to build bridges and jetliners.
At the University of Minnesota College of Science and Engineering’s Technology Leadership Institute on May 13, NIST Fellow Ron Ross unveiled a draft of NIST Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. The guidelines recommend steps to help develop a more defensible information technology infrastructure, including the component products, systems and services that constitute the infrastructure.
In an interview with Information Security Media Group, Ross says principles employed by engineers can be used to communicate to all stakeholders the goals for creating new infrastructures. “By integrating the security-engineering processes into those systems-engineering processes, and software engineering, we are now being able to bridge that communications gap between these two disciplines,” Ross says.
Today’s post pic is from Fluidicsmem.com.