| Registration | Required |
|---|---|
| File size | 179.67kb |
| File format | PDF |
The Federal Information Security Management Act (FISMA) of 2002 mandates that federal agencies must establish incident response capabilities (44 U.S.C. §3544 (b)(7)). FISMA requires that federal agencies implement an incident response capability consistent with the guidelines and standards established by the National Institute of Standards and Technology (NIST) (44 U.S.C. §3549, incorporating and amending 40 U.S.C. § 11331). Pursuant to this specific mandate under FISMA, NIST issued Special Publication 800-61 Computer Security Incident Handling Guide, which sets forth detailed technical, procedural and policy guidelines for federal agencies to implement a comprehensive incident response program.
Healthcare payers and providers are facing two major compliance initiatives over the next couple of years: conversion from the HIPAA 4010 electronic transaction set to the 5010 set and conversion from ICD-9 codesets to ICD-10. These initiatives will impact nearly every core process, system and interface across the industry, and industry costs are expected to be in the billions of dollars. Although healthcare stakeholders are facing 2012 and 2013 regulatory deadlines, few have begun actively planning for conversion. Industry research has shown that many organizations are still in the information gathering phase, trying to assess potential impacts on themselves, their vendors and business partners.
23 days ago by Patni Computer Systems
Just about every person who runs and manages businesses will agree that, in order to compete in the marketplace, a company must assume a certain amount of risk. But they would also agree that the risks have to be calculated risks based on hard data, historical information and some sort of cost-benefit analysis. In most cases, "leaping before looking" will ultimately lead to failure. That is why traditional risk management is founded on maintaining stability by mitigating risk. But before a company can determine how to mitigate the risk, it must identify the specific risk factors and evaluate which risks are to be managed and which are to be avoided.
30 days ago by TraceSecurity
In today's environment of rapid change and porous networks, firms take risk just by staying in business. Recording changes is no longer enough because compliance is not just about filling out forms. It is also about managing risk, and turning it into a strategic asset, a transformation enabled by Compliance Management solutions from Novell.
40 days ago by Novell
With more compliance loopholes coupled with a shrinking number of resources, organizations need a technological foundation that automates compliance processes.
40 days ago by Novell
As organizations handle growing volumes of personal data and use it in more diverse ways, they must contend with greater risks and complex compliance requirements to meet government, consumer, investor, and employee expectations for security and privacy. In addition, organizations have to worry about maintaining the confidentiality and integrity of their intellectual property and other trade secrets. This webcast is for IT professionals and technical or business decision makers who are looking to understand the key data security, privacy, and compliance-related concerns, what data governance is and what it encompasses, and how data governance complements IT governance and compliance.
52 days ago by Microsoft
Mounting regulations across the globe have increased the cost and burden on organizations. The high cost is especially felt by organizations which must adhere to multiple requirements - 75 percent of organizations must comply with two or more regulations and corresponding audits and more than 40 percent must comply with three or more regulations.
Audit preparation typically occurs in functional silos, with different project teams focused on addressing an individual compliance initiative, resulting in significant operational inefficiencies and higher costs to demonstrate compliance.
This webinar examines the Unified Compliance Framework and how it can be leveraged to harmonize controls across multiple regulations such as PCI, SOX, HIPAA, NERC and many others. Learn how to eliminate overlapping control requirements and ensure a more efficient and less costly approach to compliance.
Personally-Identifiable Information (PII) is information that can be used to trace an individual's identity, such as a name, social security number, or biometric record. According to a May 22, 2007 memo from the Office of Management and Budget (OMB) to the heads of executive departments and agencies, "Safeguarding PII in the possession of the government and preventing its breach are essential to ensure the government retains the trust of the American public".
335 days ago by Guidance Software
The purging and preservation of ESI is a technical process that requires a technical solution, especially if a company hopes to establish such capabilities on a global, integrated and routine basis. Enterprise computer collection and auditing technology is required in order to apply eRecords management and eDiscovery processes in a consistent and systemized manner. With best-practices enterprise technology such as EnCase Enterprise, records management policies are executed evenly and routinely, thus enabling prompt and good faith preservation efforts or, with a separate module, systemized auditing and purging of ESI under a clearly documented and highly defensible process.
568 days ago by Guidance Software
Data Protection and Data Loss Prevention for PII are nothing new in the US. The federal government and over 35 states have enacted legislation to address these critical issues. Both have been discussed by information security managers for many years. However, major incidents of data loss and data leakage grabbing the media headlines over recent months have forced a renewed spotlight on this area. DLP is now the main focus of many information security conferences and a topic high on the board room agenda.
591 days ago by Guidance Software
UK companies conduct internal investigations on a daily basis, and also increasingly are asked to collect employees' email and electronic documents to satisfy litigation and regulatory requests. Although these digital investigations are necessary to meet companies' legal obligations, they also must demonstrate respect for employees' privacy rights under EU directives and UK data protection laws, which require that these investigations and collections not be excessive in relation to their legitimate purpose.
638 days ago by Guidance Software