This glossary provides a central resource of definitions most commonly used in Nat. Institute of Standards and Technology (NIST) information security publications and in the Committee for National Security Systems (CNSS) information assurance publications. Each entry in the glossary points to one or more source NIST publications, and/or CNSSI-4009, and/or supplemental sources where appropriate. This is a print on demand edition of an important, hard-to-find publication.
Security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. The need to be able to integrate security into those systems and the discussions with business functions and operations exists more than ever. This IBM® Redbooks® publication explores concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. This book identifies many business drivers that illustrate these concerns, including managing risk and cost, and compliance to business policies and external regulations. This book shows how these drivers can be translated into capabilities and security needs that can be represented in frameworks, such as the IBM Security Blueprint, to better enable enterprise security. To help organizations with their security challenges, IBM created a bridge to address the communication gap between the business and technical perspectives of security to enable simplification of thought and process. The IBM Security Framework can help you translate the business view, and the IBM Security Blueprint describes the technology landscape view. Together, they can help bring together the experiences that we gained from working with many clients to build a comprehensive view of security capabilities and needs. This book is intended to be a valuable resource for business leaders, security officers, and consultants who want to understand and implement enterprise security by considering a set of core security capabilities and services.
Globalization of the food supply has created conditions favorable for the emergence, reemergence, and spread of food-borne pathogens-compounding the challenge of anticipating, detecting, and effectively responding to food-borne threats to health. In the United States, food-borne agents affect 1 out of 6 individuals and cause approximately 48 million illnesses, 128,000 hospitalizations, and 3,000 deaths each year. This figure likely represents just the tip of the iceberg, because it fails to account for the broad array of food-borne illnesses or for their wide-ranging repercussions for consumers, government, and the food industry-both domestically and internationally. A One Health approach to food safety may hold the promise of harnessing and integrating the expertise and resources from across the spectrum of multiple health domains including the human and veterinary medical and plant pathology communities with those of the wildlife and aquatic health and ecology communities. The IOM's Forum on Microbial Threats hosted a public workshop on December 13 and 14, 2011 that examined issues critical to the protection of the nation's food supply. The workshop explored existing knowledge and unanswered questions on the nature and extent of food-borne threats to health. Participants discussed the globalization of the U.S. food supply and the burden of illness associated with foodborne threats to health; considered the spectrum of food-borne threats as well as illustrative case studies; reviewed existing research, policies, and practices to prevent and mitigate foodborne threats; and, identified opportunities to reduce future threats to the nation's food supply through the use of a "One Health" approach to food safety. Improving Food Safety Through a One Health Approach: Workshop Summary covers the events of the workshop and explains the recommendations for future related workshops.
This publication provides guidelines for applying the Risk Management Framework (RMF) to federal information systems. The six-step RMF includes security categorization, security control selection, security control implementation, security control assessment, information system authorization, and security control monitoring.
This Open access book offers updated and revised information on vessel health and preservation (VHP), a model concept first published in poster form in 2008 and in JVA in 2012, which has received a great deal of attention, especially in the US, UK and Australia. The book presents a model and a new way of thinking applied to vascular access and administration of intravenous treatment, and shows how establishing and maintaining a route of access to the bloodstream is essential for patients in acute care today. Until now, little thought has been given to an intentional process to guide selection, insertion and management of vascular access devices (VADs) and by default actions are based on crisis management when a quickly selected VAD fails. The book details how VHP establishes a framework or pathway model for each step of the patient experience, intentionally guiding, improving and eliminating risk when possible. The evidence points to the fact that reducing fragmentation, establishing a pathway, and teaching the process to all stakeholders reduces complications with intravenous therapy, improves efficiency and diminishes cost. As such this book appeals to bedside nurses, physicians and other health professionals.
Development Research in Practice leads the reader through a complete empirical research project, providing links to continuously updated resources on the DIME Wiki as well as illustrative examples from the Demand for Safe Spaces study. The handbook is intended to train users of development data how to handle data effectively, efficiently, and ethically. “In the DIME Analytics Data Handbook, the DIME team has produced an extraordinary public good: a detailed, comprehensive, yet easy-to-read manual for how to manage a data-oriented research project from beginning to end. It offers everything from big-picture guidance on the determinants of high-quality empirical research, to specific practical guidance on how to implement specific workflows—and includes computer code! I think it will prove durably useful to a broad range of researchers in international development and beyond, and I learned new practices that I plan on adopting in my own research group.†? —Marshall Burke, Associate Professor, Department of Earth System Science, and Deputy Director, Center on Food Security and the Environment, Stanford University “Data are the essential ingredient in any research or evaluation project, yet there has been too little attention to standardized practices to ensure high-quality data collection, handling, documentation, and exchange. Development Research in Practice: The DIME Analytics Data Handbook seeks to fill that gap with practical guidance and tools, grounded in ethics and efficiency, for data management at every stage in a research project. This excellent resource sets a new standard for the field and is an essential reference for all empirical researchers.†? —Ruth E. Levine, PhD, CEO, IDinsight “Development Research in Practice: The DIME Analytics Data Handbook is an important resource and a must-read for all development economists, empirical social scientists, and public policy analysts. Based on decades of pioneering work at the World Bank on data collection, measurement, and analysis, the handbook provides valuable tools to allow research teams to more efficiently and transparently manage their work flows—yielding more credible analytical conclusions as a result.†? —Edward Miguel, Oxfam Professor in Environmental and Resource Economics and Faculty Director of the Center for Effective Global Action, University of California, Berkeley “The DIME Analytics Data Handbook is a must-read for any data-driven researcher looking to create credible research outcomes and policy advice. By meticulously describing detailed steps, from project planning via ethical and responsible code and data practices to the publication of research papers and associated replication packages, the DIME handbook makes the complexities of transparent and credible research easier.†? —Lars Vilhuber, Data Editor, American Economic Association, and Executive Director, Labor Dynamics Institute, Cornell University
Actionable guidance and expert perspective for real-world cybersecurity The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement. Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions. Learn how cyber risk management can be integrated to better protect your enterprise Design and benchmark new and improved practical counter-cyber capabilities Examine planning and implementation approaches, models, methods, and more Adopt a new cyber risk maturity model tailored to your enterprise needs The need to manage cyber risk across the enterprise—inclusive of the IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice-a-versa. Every functional head of any organization must have a copy at-hand to understand their role in achieving that alignment.
FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security deals with the Federal Information Security Management Act (FISMA), a law that provides the framework for securing information systems and managing risk associated with information resources in federal government agencies. Comprised of 17 chapters, the book explains the FISMA legislation and its provisions, strengths and limitations, as well as the expectations and obligations of federal agencies subject to FISMA. It also discusses the processes and activities necessary to implement effective information security management following the passage of FISMA, and it describes the National Institute of Standards and Technology's Risk Management Framework. The book looks at how information assurance, risk management, and information systems security is practiced in federal government agencies; the three primary documents that make up the security authorization package: system security plan, security assessment report, and plan of action and milestones; and federal information security-management requirements and initiatives not explicitly covered by FISMA. This book will be helpful to security officers, risk managers, system owners, IT managers, contractors, consultants, service providers, and others involved in securing, managing, or overseeing federal information systems, as well as the mission functions and business processes supported by those systems. - Learn how to build a robust, near real-time risk management system and comply with FISMA - Discover the changes to FISMA compliance and beyond - Gain your systems the authorization they need
Federal Cloud Computing: The Definitive Guide for Cloud Service Providers offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis. - Provides a common understanding of the federal requirements as they apply to cloud computing - Provides a targeted and cost-effective approach for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) - Provides both technical and non-technical perspectives of the Federal Assessment and Authorization (A&A) process that speaks across the organization
