NIST SP800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
こんにちは、丸山満彦です。NISTからInformation Security Continuous Monitoring のガイダンスが公表されていますね。。。
継続的にモニタリングできる仕組みがあれば、変化をかんじとって、迅速にリスクに対応できる可能性が高まりますよね。。。
■NIST
・2011.09.30 Special Publication 800-137 (Final), Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
=====
CHAPTER ONE INTRODUCTION
1.1 BACKGROUND
1.2 RELATIONSHIP TO OTHER PUBLICATIONS
1.3 PURPOSE
1.4 TARGET AUDIENCE
1.5 ORGANIZATION OF THIS SPECIAL PUBLICATION
CHAPTER TWO THE FUNDAMENTALS
2.1 ORGANIZATION-WIDE VIEW OF ISCM
2.2 ONGOING SYSTEM AUTHORIZATIONS
2.3 ROLE OF AUTOMATION IN ISCM
2.4 ISCM ROLES AND RESPONSIBILITIES
CHAPTER THREE THE PROCESS
3.1 DEFINE ISCM STRATEGY
3.2 ESTABLISH AN ISCM PROGRAM
3.3 IMPLEMENT AN ISCM PROGRAM
3.4 ANALYZE DATA AND REPORT FINDINGS
3.5 RESPOND TO FINDINGS
3.6 REVIEW AND UPDATE THE MONITORING PROGRAM AND STRATEGY
APPENDIX A REFERENCES
APPENDIX B GLOSSARY
APPENDIX C ACRONYMS
APPENDIX D TECHNOLOGIES FOR ENABLING ISCM
=====
« CSA Security as a Service White Paper | Main | IPA 『標的型攻撃メールの分析』に関するレポート ~だましのテクニックの事例4件の紹介と標的型攻撃メールの分析・対策~ »
Comments