Manager’s Deskbook
Research:

1. Review NIST's definition of an "Issue Specific Policy" and contents thereof in NIST SP 800-12 Section 5.3. This document provides information about the content of an issue specific policy (as compared to comprehensive system and enterprise security policies).

2. Review the weekly readings and resource documents posted in the classroom. Pay special attention to the resources which contain "issues" and "best practices" information for:
• Data Breach Response
• Preventing / Controlling Shadow IT
• Social Media

3. Review NIST guidance for required / recommended security controls (see NIST SP 800-12, NIST SP 800-53, and NIST SP 800-100). Some suggested control families are:
• Access Control (AC) control family (for Social Media policy)
• Incident Response (IR) control family (for Data Breach policy)
• System and Services Acquisition (SA) control family (Domain Name, Shadow IT, Website Governance)

4. Find and review additional authoritative / credible sources on your own which provide information about IT security issues (related to data breaches / responses, shadow IT, and/or social media use) which require policy solutions.

URLs for Recommended Resources

Title: NIST SP 800-100 Information Security Handbook: A Guide for Managers
Type: PDF
Link: https://doi.org/10.6028/NIST.SP.800-100

Title: NIST SP 800-12: An Introduction to Information Security
Type: PDF
Link: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf

Title: NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
Type: PDF
Link: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf