ABSTRACT

Businesses must ensure that they practice due care and due diligence in their security programs. They must implement non-technical security controls, as well as policies and procedures, to support the technical solutions used in the business. The NIST Special Publications and the methodologies they describe help ensure that commercial systems and state and federal systems are secure. Using NIST's comprehensive risk assessment methodology supports due care and due diligence better than alternative methodologies such as ISO 17799 and the self-directed Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methodology.