SP 800-27 Rev. A. Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A

Authors: Gary Stoneburner, Alexis Feringa, Clark Hayden

Keywords: Information security, Systems engineering, Information security management, Security through obscurity, Security engineering, Security information and event management, Security service, Security convergence, Engineering, Computer security model, Engineering management

Abstract: The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. This document is used by IT stakeholders, and the principles introduced can be applied to general support systems and major applications. EP-ITS presents principles that apply to all systems, not ones tied to specific technology areas. These principles provide a foundation upon which a more consistent and structured approach to the implementation of security capabilities can be constructed. While the primary focus of these principles remains on technical countermeasures, they highlight the fact that, to be effective, a system security design should also consider non-technical issues, such as policy, operational procedures, and user education.
