The National Institute of Standards and Technology (NIST) publishes Special Publications (SP) to help government agencies and private companies develop and support security programs. The SP 800 subseries https://csrc.nist.gov/publications/sp800 deals specifically with computer security. SPs are considered guidelines for nongovernment entities whereas both NIST Federal Information Processing Standards (FIPS) documents and the SPs are required standards for government agencies.
Prepare a Microsoft Word table in which you outline how a CISO would use the NIST publications to develop security policies.
Include the following column headings:
SP number
SP name
SP purpose
Include the following row headings:
SP 800-30
SP 800-34
SP 800-37
SP 800-39
SP 800-53
Part 2
You were recently hired as CISO for a healthcare company that qualifies as a Covered Entity under HIPAA, which means it must comply with the standards of the HIPAA Security Rule.
Using the table you created in Part 1, write a 2- to 3-page informal comparison outlining the overarching components and outcomes of your NIST-based structure as compared to a structure operating in the global marketplace. Logically explain how NIST compliance influences information security governance and is part of formulating the organizations desired outcomes.
