Compare & Contrast of NIST 800-30 & NSA IAM
Student Name: Victor Wong
Instructor Name: Dr Crowley
ITEC 6324-Assignment 8
Compare & Contrast 1: NIST 800-30
Risk Management has 3 processes:
- Risk Assessment
- Risk Mitigation
- Evaluation and Assessment
Compare & Contrast 1: NSA IAM
INFOSEC assessment has 3 phases:
- Pre-assessment
- On-site activities
- Post-assessment
Compare & Contrast 2: NIST 800-30
To recommend controls to mitigate risk, NIST has 3 primary control categories:
- Management Control
- Technical Control
- Operational Security Control
Compare & Contrast 2: NSA IAM
NSA has identified 18 baseline INFOSEC classes and categories for the assessment team to focus on to gain security posture information. This list is broken down into 3 categories:
- Management Aspects
- Technical Aspects
- Operational Aspects
Compare & Contrast 3: Differences
- NIST identifies Threat Pairs, whereas IAM focuses on Vulnerability.
- There is no control over Threat, but there is control over Vulnerability.
- NIST takes more of a System approach, while IAM takes an Organizational approach that is Customer-oriented.
- IAM determines and assesses the Information Criticality of the System and Organization.
THE END