Information Security Governance Papers
Paper Title
|
Control Analysis
|
The Abstract of The Paper
|
As previously discussed, the analysis of controls in place to protect the system can be accomplished using a checklist or questionnaire, which is based on the security requirements for the system as specified by NIST SP 800-53. This analysis can be refined using the NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems (draft), which provides guidance on testing security controls extracted from NIST SP 800-53. The results are used to strengthen the determination of the likelihood that a specific threat might successfully exploit a particular vulnerability.
|
Web Link
|
http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf
|
Back To Information Security Governance Papers List