NIST proposes a new approach to process analysis: the Criticality Analysis Process Model
- Published: Thursday, 12 April 2018 08:21
NIST has releasing a publication and a new model that will help organizations to identify those systems and components that are most vital and which may need additional security or other protections.
NIST Internal Report (NISTIR) 8179, Criticality Analysis Process Model: Prioritizing Systems and Components proposes a new model, called the Criticality Analysis Process Model, which is based on existing methods and approaches but is tailored specifically to the needs of information security and privacy risk managers.
NIST says that the Criticality Analysis Process Model is intended to be used as a component of a holistic and comprehensive risk management approach that considers all risks, including information security and privacy risks, to prioritize and tailor controls for those risks. The model can be used with a variety of risk management standards and guidelines and in conjunction with systems and software engineering, project management, and auditing/attestation frameworks.