ABSTRACT

National Institute of Standards and Technology (NIST) standards are available free of charge at www.nist.gov; the NIST security standards are available at csrc.nist.gov. The information herein is not intended to duplicate the excellent work of these standards, but rather to use them as a basis for developing organization-specific tools to apply during the planning and execution of a security management program (SMP). The same organization-specific tools may find their foundation in the International Standards Organization (ISO) security standards (e.g., ISO 27002 [formerly ISO 17799]) or in other industry security standards. The book How to Achieve ISO 27001 Certification-An Example of Compliance Management by Sigurjon Thor Arnason and Keith D. Willett introduces the concept of an SMP framework. This book uses the same concept, but takes NIST SP 800-53 as the basis for the SMP framework.