918 KB | 3 files | DOC, PDF
Read this resource from the National Institute of Standards and Technology to protect your organization from exploiting both known and unknown vulnerabilities.
Organizations in the public and private sectors depend on information systems to successfully carry out their missions and business functions. Information systems can include very diverse entities ranging from office networks, financial and personnel systems to very specialized systems (e.g., weapons systems, telecommunications systems, industrial/process control systems and environmental control systems). Information systems are subject to serious threats that can have adverse effects on organizational operations (i.e., missions, functions, image or reputation), organizational assets, individuals, other organizations and the nation by exploiting both known and unknown vulnerabilities to compromise the confidentiality, integrity or availability of the information being processed, stored or transmitted by those systems.
Threats to information and information systems can include purposeful attacks, environmental disruptions and human/machine errors and result in great harm to the national and economic security interests of the United States. Therefore, it is imperative that leaders and managers at all levels understand their responsibilities and are held accountable for managing information security risk — that is, the risk associated with the operation and use of information systems that support the missions and business functions of their organizations.
Included in this ZIP file are:
This table outlines the top needs of each stakeholder group that can help guide your conversations on priorities and needs for the GRC program. ... More >>
This publication provides guidelines for establishing and participating in cyber threat information sharing relationships. ... More >>
This document provides recommendations and guidelines for enhancing trust in email, including transmission and content security recommendations. ... More >>