Security, Security And Security

1369 Words | Aug 17, 2016 | 6 Pages
1. Introduction

While it is true that there are literally hundreds of security frameworks offering thousands of controls designed to help ensure that any particular network is compliant, most of these focus on compliance rather than on security against known attack vectors. For instance, the National Institute of Standards and Technology (NIST) Security and Privacy Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53 rev 4) offers 170 controls covering various control families. Many of these controls are then decomposed into even more granular protections based upon the sensitivity of the protected data (NIST,xxx). Another example can be found within ISO 27002. Here there are "35 control objectives (one per 'security control category')" with "114 defined controls" (ISO, 2013). Regardless of the framework chosen, there are controls designed to bolster the overall security of a system. Many times, however, this focus on meeting the control objective leads to compliance rather than to protection against current attack vectors. The approach taken by the Center for Internet Security (CIS) is that the controls from these common frameworks are: "part of a comprehensive risk management framework for USG Agencies, which specifies a full life cycle of security categorization, design and implementation, assessment, authorization, and monitoring. NIST 800-53 is then the starting point for an Agency to select the CIS Controls needed to manage the