FAIR Institute Blog

Case Study: NIST Digital Identity Guidelines and FAIR “Made for Each Other”

Sep 29, 2017 5:15:42 PM / by Jeff B. Copeland

The new NIST 800-63-3 Digital Identity Guidelines and FAIR were “made for each other”, writes Chip Block, VP at Evolver, Inc. (the operator of large-scale security operations centers for government and business), in an article just published on The Security Ledger website. The guidelines establish levels of security based on risk, and FAIR sets monetary values for the risk, enabling organizations to prioritize spending.

Block runs through a case study to make the point. An organization that hasn’t updated security in years faces two choices:

  • Leave the current system in place and hope for the best? Result: high risk of loss.
  • Implement card-based/token two-factor authorization for all employees? Result: very expensive.

And the board asks: “How much more secure will we be after spending the money?”

Block (who leads the Washington, DC, chapter of the FAIR Institute) shows how a FAIR analysis reveals the organization’s strongest concentration of risk is around five asset areas. Then, FAIR answers in financial terms the questions in the NIST risk rating system to guide the organization to a sophisticated, varied approach to identity authentication for different assets.

Read a more extensive version of Block’s article on NIST Digital Identity Guidelines and FAIR on the Evolver website.  

Topics: FAIR, Case Studies

Written by Jeff B. Copeland

Jeff is the Content Marketing Manager for RiskLens.
