Subscribe by email
The National Institute of Standards and Technology (NIST) released its update to Special Publication 800-53 Revision 4 earlier today at the 2012 RSA Conference. The update included two new sections pertaining to insider threat and privacy.
As NIST cited, it is a fundamental responsibility of federal agencies to secure information systems and safeguard against unauthorized access and use of private information. Without a solid foundation of information security, it is impossible to protect the privacy of personally identifiable information (PII).
This revision includes a number of privacy controls to provide transparency, accountability and risk management to mitigate the unauthorized access to PII by those inside and outside the organization.
There often is no way to enforce policies. However, with this update, NIST has demonstrated a maturity in thinking about the issues and provided guidance to make the protection of privacy actionable for government. The new guidance requires federal agencies to evaluate and report on the effectiveness of their information system privacy practices, and should enhance public confidence in the government’s ability to protect and ensure the integrity of PII.
To mitigate the risk of insider threat and potential privacy breaches, agencies should conduct a gap analysis to identify areas for improvement. Then, using technology – such as Attachmate Luminet – agencies should address weaknesses to ensure compliance.
Earlier this month, we noted three actions organizations can take to start securing their information systems. Attachmate makes it easy to mitigate insider threat and privacy issues while becoming compliant with information security policies. Learn more about our enterprise fraud management solution.
-Christine Meyers, senior product marketing manager, Attachmate Luminet
