7.4 Risk Determination Frameworks

Earlier, we covered control frameworks such as COBIT; here we will briefly touch on some frameworks for risk assessments and management. The security assessment and planning functions of management may draw from guidelines, standards, and best practices. For example, the Federal Information Processing Standard (FIPS) is necessary for government systems, but it may also serve as a process and criteria for commercial enterprises. As part of the E-Government Act of 2002 (Public Law 107-347), the FIPS-200 became “the second of the mandatory security standards, specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government and risk-based ...

Excerpt from Information Security Management, 2nd Edition (O’Reilly).