IT Asset Management: Financial Services NIST SP 1800-5: Practice Guide (Draft Jan 2016)

National Institute of Standards

  • Publisher: CreateSpace Independ
  • Publication date: 2017-06-01
  • List price: $1,470
  • VIP price: $1,397 (95% of list price)
  • Language: English
  • Pages: 60
  • Binding: Paperback
  • ISBN: 1547103469
  • ISBN-13: 9781547103461
  • Not available for order

Product description

Draft - Jan 2016. Large financial services organizations employ tens or hundreds of thousands of individuals. At this scale, the technology base required to ensure smooth business operations (including computers, mobile devices, operating systems, applications, data, and network resources) is massive. To effectively manage, use, and secure each of those assets, you need to know their locations and functions. While physical assets can be labeled with bar codes and tracked in a database, this approach does not answer questions such as “What operating systems are our laptops running?” and “Which devices are vulnerable to the latest threat?” Computer security professionals in the financial services sector are challenged by the vast diversity of hardware and software they attempt to track, and by a lack of centralized control: a large financial services organization can include subsidiaries, branches, third-party partners, and contractors, as well as temporary workers and guests. This complexity makes it difficult to assess vulnerabilities, to respond quickly to threats, and to accurately assess risk in the first place (by pinpointing the most valuable assets).

This public domain material was printed by 4th Watch Cyber Books. 4th Watch is not affiliated with the National Institute of Standards. 4th Watch books use high-quality 8 ½ by 11 inch paper and are tightly bound. Most are printed in full color, which is why they cost so much.

For more NIST titles, visit: cybah.webplus.net/index.html. Partial list below:


NIST SP 800-12 Rev 1 An Introduction to Information Security

NIST SP 800-18 Developing Security Plans for Federal Information Systems

NIST SP 800-30 Guide for Conducting Risk Assessments

NIST SP 800-32 Public Key Technology and the Federal PKI Infrastructure

NIST SP 800-34 Contingency Planning Guide for Federal Information Systems

NIST SP 800-37 Applying Risk Management Framework to Federal Information

NIST SP 800-39 Managing Information Security Risk

NIST SP 800-53 Rev 4 Security and Privacy Controls for Federal Information Systems and Organizations

NIST SP 800-53A R4 Assessing Security and Privacy Controls

NIST SP 800-57 Recommendation for Key Management

NIST SP 800-61 Computer Security Incident Handling Guide

NIST SP 800-82r2 Guide to Industrial Control Systems (ICS) Security

NIST SP 800-95 Guide to Secure Web Services

NIST SP 800-121 Guide to Bluetooth Security

NIST SP 800-137 Information Security Continuous Monitoring (ISCM)

NIST SP 800-160 Systems Security Engineering

NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems

NIST SP 800-177 Trustworthy Email

NIST SP 800-184 Guide for Cybersecurity Event Recovery

NIST SP 800-190 Application Container Security Guide

NIST SP 800-193 Platform Firmware Resiliency Guidelines

NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices

NIST SP 1800-2 Identity and Access Management for Electric Utilities

NIST SP 1800-5 IT Asset Management: Financial Services

NIST SP 1800-6 Domain Name Systems-Based Electronic Mail Security

NIST SP 1800-7 Situational Awareness for Electric Utilities

NIST SP 1800-8: Securing Wireless Infusion Pumps

NISTIR 8011 Automation Support for Security Control Assessments

NISTIR 8170 The Cybersecurity Framework Cybersecurity Framework Manufacturing Profile

NIST Framework for Improving Critical Infrastructure Cybersecurity

NISTIR 8062 Introduction to Privacy Engineering and Risk Management in Federal Systems
