Video: Ron Ross Promotes New InfoSec ApproachAdapting Engineering Principles to IT Security
Information risk management expert Ron Ross is evangelizing a new approach to secure IT that adopts an engineering approach to build trustworthy and resilient information systems.
See Also: Managing API Security
Ross is leading a team at the National Institute of Standards and Technology that's creating new guidance titled Systems Security Engineering, Special Publication 800-160. The second draft of the guide should be published by early next year.
"The best security programs are ones that are kind of indivisible because they disappear into the mainstream activities so you don't run around looking for the security officer," Ross says in a video interview recorded at at Information Security Media Group's Data Breach Prevention and Response Summit.
Ross, a NIST fellow, delivered the closing keynote address at the summit.
In the interview, Ross:
- Provides examples how the new draft aims to eliminate the disconnect that exists between the C-suite and the IT security organization;
- Explains that the latest draft focuses on nontechnical processes; and
- Discusses how NIST is examining past breaches to see if the new guidance could have prevented or at least curtailed the impact of the cyber incidents.
Ross - lead author of NIST Special Publications 800-30 and 800-37, the authoritative guidance on risk assessment and risk management - specializes in security requirements definition, security testing and evaluation and information assurance. He leads NIST's Federal Information Security Management Act Implementation Project, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure.