ITD 2413 Enterprise Security Management
Grade _______
Instructor: M. Hass
Student Name: Brendan Barnett
Due Date: September 30, 2018
Gradebook Comments: Copy the Gradebook comments and paste them here

Publications Review #1
The National Institute of Standards and Technology (NIST) is required under federal law to ensure that all IT individuals in the field have a good understanding of guidelines in the workplace. Guidelines are an important factor in the workplace, and in order to enforce them, workplaces have to implement documentation informing the workplace of the guidelines. NIST provides great documentation of certain guidelines and criteria an IT workplace should follow. NIST enforces these laws and guidelines under federal and public law. There are minimum criteria that federal agencies must comply with and abide by. However, nongovernmental organizations can choose whether or not to use these guidelines. NIST Special Publication 800-27 Revision A is one of many documents setting out these guidelines, laws, and certain criteria federal organizations must follow.

The main end goal of NIST is to provide companies with key aspects of what an IT organization should refrain from doing. 800-27 Revision A is a document that states, “because of the constantly changing information system security environment… this document is an attempt to present in a logical fashion fundamental security principles that can be used in today’s operational environments.” This statement clearly defines how the document should be taken, considering how the IT industry will constantly be changing for dozens of years. Companies must take this into account when implementing these guidelines in order to ensure they are up to date. However, there are certain rules and ethics that will not change for many years to come, such as intrusion on an individual’s, or multiple individuals’, privacy.

This revision also includes something known as a “System Life Cycle,” where there are 5 steps to follow to ensure the safety of the workplace. The five steps are the Initiation phase, Development phase, Implementation phase, Operation/Maintenance phase, and Disposal phase. The Initiation phase, simply put, is a key step in the process; the basic principle is to discuss what is needed in the workplace to make it more effective as well as safe. The ideas are discussed among key members of the organization in order to find the best solution. The solution is then identified and documented, and the process moves on to the next phase. Phase two (Development phase) is the construction or purchase of a system or network. Phase two goes over key aspects such as security and how to implement it properly. The third phase (Implementation phase) takes the system through rigorous tests, certifications, and accreditations before fully implementing the entire system. Operation/Maintenance is the fourth phase; this phase includes modifying or configuring the software or hardware, as well as auditing the implemented system. The system does as desired while being maintained, upgraded, or repaired. The last phase is the Disposal phase; this step is when the system is in desperate need of a replacement. The workers then correctly dispose of all the data that has been kept, document everything, and finally move back to phase one.

With everything in this world moving towards more advanced technology, along with technology businesses booming, it is most important to think about the end user. The end user’s security, safety, and moderately easy operational use in certain aspects are the key factors in why NIST ensures these guidelines stay up to date with the current world. These principles are key to quality security in the IT industry; this ensures not only the safety of customers, but the safety of private business owners, organizations, federal organizations, and the safety of the country.

Works Cited
Author(s): National Institute of Standards and Technology (No authors published)
Title: Engineering Principles for Information Technology Security (A Baseline for Achieving Security), 800-27 Revision A
Publication date: June 2004