Video: Ron Ross Promotes New InfoSec Approach

Adapting Engineering Principles to IT Security

Information risk management expert Ron Ross is evangelizing a new way to secure IT, one that adopts an engineering approach to building trustworthy and resilient information systems.

Ross is leading a team at the National Institute of Standards and Technology that's creating new guidance titled Systems Security Engineering, Special Publication 800-160. The second draft of the guide should be published by early next year.

"The best security programs are ones that are kind of indivisible because they disappear into the mainstream activities so you don't run around looking for the security officer," Ross says in a video interview recorded at Information Security Media Group's Data Breach Prevention and Response Summit.

Ross, a NIST fellow, delivered the closing keynote address at the summit.

In the interview, Ross:

  • Provides examples of how the new draft aims to eliminate the disconnect that exists between the C-suite and the IT security organization;
  • Explains that the latest draft focuses on nontechnical processes; and
  • Discusses how NIST is examining past breaches to see if the new guidance could have prevented or at least curtailed the impact of the cyber incidents.

Ross - lead author of NIST Special Publications 800-30 and 800-37, the authoritative guidance on risk assessment and risk management - specializes in security requirements definition, security testing and evaluation and information assurance. He leads NIST's Federal Information Security Management Act Implementation Project, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure.

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
