
Engineering Principles for IT Security (NIST SP 800-27)

CISSP

  1. Initiation:
    • Need Expressed: Identifying the business or mission requirement the system is meant to satisfy.
    • Purpose Documented: Recording the purpose and objectives of the system so that security requirements can be traced back to them.
    • Impact Assessment: Assessing the sensitivity of the information the system will process and the impact of its loss or compromise, so that security requirements are established before design begins rather than bolted on later.
  2. Development/Acquisition:
    • System Design: Designing the system so that the security requirements identified during initiation are built into its architecture.
    • Purchase/Programming/Development: Acquiring or developing the system according to the design specifications, including the security controls they call for.
  3. Implementation:
    • System Testing: Testing the system to verify that it meets both its functional and its security requirements before it enters production.
    • Installation: Deploying the system into the operational environment.
    • Certification and Accreditation: Formally certifying that the security controls operate as intended and obtaining management's authorization (accreditation) to operate the system.
  4. Operation/Maintenance:
    • Function Performance: Ensuring the system continues to perform its intended functions as it is maintained and modified.
    • Security Operations: Ongoing security management and monitoring, including change control so that updates do not erode the controls that were certified.
    • Audits: Periodic audits to verify that controls remain in place, effective, and compliant.
  5. Disposal:
    • Disposition: Securely disposing of information, hardware, and software at end of life: sanitizing or destroying storage media, archiving information that must be retained, and decommissioning hardware and software.

Key Principles:

  • Physical Controls: Serve as the first line of defense; if an attacker can reach the hardware, logical controls can often be bypassed.
  • People: Act as the last line of defense, which is why security awareness and training are treated as controls in their own right rather than as an afterthought.
