If you’ve ever tried to set up a home entertainment system by poring over a thick manual, you might appreciate the manufacturer also providing you with a quick-start guide so you can get your party going in short order. Information security experts at the National Institute of Standards and Technology (NIST) have created what is essentially a quick-start guide to their flagship risk management tool, to help organizations reduce their security and privacy risks more easily.
Their creation, whose full title is Control Baselines for Information Systems and Organizations (NIST Special Publication (SP) 800-53B), is a companion publication to SP 800-53 Revision 5, which NIST updated last month after a multiyear effort. SP 800-53 offers a comprehensive set of security and privacy safeguards — referred to as controls — that address specific weaknesses in an organization or information system. It is used by organizations of all sizes, across public and private sectors. The new companion guide can help them with selecting the baseline, or group of safeguards, that is appropriate for the risk level and threats the organization faces.
“Using the guidance we provide, an organization can choose the right security and privacy baseline and then customize it effectively.” —Ron Ross, NIST Fellow
“Choosing security and privacy controls is a bit like building a car from parts that fit the driving conditions you expect,” said Ron Ross, a NIST Fellow and one of the guide’s authors. “If you’re building an SUV for trips around town, you might choose different parts than you’d use for a race car. Whether you’re managing risk for a rou ..