Quick Bytes: How much protection is needed?

A mom-and-pop company with a dozen employees and an organizational behemoth like the Department of Defense both need to secure their computer networks. But not all networks need the same level of protection. A new draft publication of the National Institute of Standards and Technology (NIST) provides recommended sets of security controls for low-, moderate-, and high-impact computer networks. @ The final version of NIST Special Publication 800-53 will be published next month. Link to it via SM Online. (Note: NIST has completed the second draft of Special Publication 800-53, Recommended Security Controls for Federal Information Systems. This draft guideline provides a recommended set of security controls for low, moderate, and high impact information systems based upon the system's FIPS 199 security categorization. Final publication is anticipated o/a January 31, 2005. Special Publication 800-53, when finalized, will serve as NIST interim guidance on security controls for federal information systems until December 2005, which is the statutory deadline to publish minimum standards for all non-national security systems.)