NIST Offers Draft Security Engineering Guidance

NISTIt’s nice to see NIST offer some official guidance on this aspect of security, where we build security in versus tacking it on at the end. Don’t expect anything new as organizations have been doing this for the past decade or so. Those select few are but a tiny percentage however and hopefully NIST’s formalized recommendation will drive such a development process into the mainstream for all organizations. Comments on the draft are due July 11th.

via GovInfoSecurity.com

The National Institute of Standards and Technology is developing new cybersecurity standards based on the same principles engineers use to build bridges and jetliners.

At the University of Minnesota College of Science and Engineering’s Technology Leadership Institute on May 13, NIST Fellow Ron Ross unveiled a draft of NIST Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. The guidelines recommend steps to help develop a more defensible information technology infrastructure, including the component products, systems and services that constitute the infrastructure.

In an interview with Information Security Media Group, Ross says principles employed by engineers can be used to communicate to all stakeholders the goals for creating new infrastructures. “By integrating the security-engineering processes into those systems-engineering processes, and software engineering, we are now being able to bridge that communication’s gap between these two disciplines,” Ross says.

Continued here.

#####

Today’s post pic is from Fluidicsmem.com.

4 comments for “NIST Offers Draft Security Engineering Guidance

  1. May 28, 2014 at 10:01 pm

    NIST Offers Draft Security Engineering Guidance http://t.co/aQcPBlC4YY #InfoSec #ghc_sec

  2. May 28, 2014 at 11:04 pm

    NIST Offers Draft Security Engineering Guidance http://t.co/IF3EC3YeFi

  3. May 29, 2014 at 11:00 am

    NIST Offers Draft Security Engineering Guidance – see our post for more info http://t.co/CodRIeWtXS #infosec

  4. May 29, 2014 at 5:01 pm

    NIST Offers Draft Security Engineering Guidance – see our post for more info http://t.co/CUplOjSUNx #infosec

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.