Corporations should consider using the draft of a new National Institute of Standards and Technology standard as a starting point for their own risk-classification exercises, according to a recent Meta Group Inc. research note. The draft standard, called Federal Information Processing Standard (FIPS) 199 and released in mid-May, spells out how government agencies should categorize their systems from a risk standpoint. The standard requires government agencies to group their information systems into high-, medium- or low-risk categories based on the potential effect of a security breach on the confidentiality, integrity and availability of information on each system. NIST also plans to release standards for describing a system and for identifying the security countermeasures to protect the data it houses.