AssuranceUserIssuesContingencyPlanningI&APersonnelTrainingAccessControlsAuditPlanningRiskManagementCryptoPhysicalSecuritySupport&OperationsPolicyProgramManagementThreatsNationalInstituteofStandardsandTechnologyTechnologyAdministrationU.S.DepartmentofCommerceAnIntroductiontoComputerSecurity:TheNISTHandbookSpecialPublication800-12iiiTableofContentsI.INTRODUCTIONANDOVERVIEWChapter1INTRODUCTION1.1Purpose....................................................31.2IntendedAudience..........................................31.3Organization...............................................41.4ImportantTerminology.....................................51.5LegalFoundationforFederalComputerSecurityPrograms.7Chapter2ELEMENTSOFCOMPUTERSECURITY2.1ComputerSecuritySupportstheMissionoftheOrganization.92.2ComputerSecurityisanIntegralElementofSoundManagement...............................................102.3ComputerSecurityShouldBeCost-Effective................112.4ComputerSecurityResponsibilitiesandAccountabilityShouldBeMadeExplicit...........................................122.5SystemsOwnersHaveSecurityResponsibilitiesOutsideTheirOwnOrganizations.........................................122.6ComputerSecurityRequiresaComprehensiveandIntegratedApproach..................................................132.7ComputerSecurityShouldBePeriodicallyReassessed.......132.8ComputerSecurityisConstrainedbySocietalFactors.......14Chapter3ROLESANDRESPONSIBILITIESiv3.1SeniorManagement........................................163.2ComputerSecurityManagement...........................163.3ProgramandFunctionalManagers/ApplicationOwners....163.4TechnologyProviders......................................163.5SupportingFunctions......................................183.6Users......................................................20Chapter4COMMONTHREATS:ABRIEFOVERVIEW4.1ErrorsandOmissions......................................224.2FraudandTheft...........................................234.3EmployeeSabotage................
