NIST supplies IT security handbook to managers

The publication provides managers with an overview of information security practices.

The National Institute of Standards and Technology has released a draft of its Information Security Handbook. The handbook provides an overview of information security measures to give managers a better understanding of how to implement an information security program.

According to NIST’s computer security resource center, the purpose of the handbook is to inform the information security management team about expected implementation and oversight of various aspects of information security in their organizations. The publication includes summaries of existing NIST publications and standards.

The 124-page document includes a section on designing, implementing and overseeing a program for awareness and training for information security standards. Other topics include summaries of the responsibilities of agency heads, developing a life cycle for systems development and detailing specific performance metrics for systems evaluation. There is an extensive Frequently Asked Questions section toward the end of the publication.

NIST is requesting that comments on the handbook be sent to handbk-100@nist.gov. NIST will be accepting comments until August 7.