tailieunhanh - Integrating IT Security into the Capital Planning and Investment Control Process

The market value of a held-to-maturity debt security will fluctuate, based on market inter- est rates. Also, if the credit rating of the borrower changes, the market value of the invest- ment will fluctuate, as the risk attached to future cash flow is changed. This, again, changes the risk premium appropriately included in the discount the value of an invest- ment falls below its acquisition cost, assets may be overstated. Conservatism might dictate loss recognition. However, since the security is not held for sale, and its maturity value is assured,market value is not a relevant measurement attribute. Therefore, the loss is not rec- ognized in net. | NIST Special Publication 800-65 National Institute of Standards and Technology Technology Administration . Department of Commerce Integrating IT Security into the Capital Planning and Investment Control Process Joan Hash Nadya Bartol Holly Rollins Will Robinson John Abeles and Steve Batdorff INFORMATION SECURITY Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg MD 20899-8930 Version January 2005 Reports on Information Systems Technology The Information Technology Laboratory ITL at the National Institute of Standards and Technology promotes the United States economy and public welfare by providing technical leadership for the Nation s measurement and standards infrastructure. ITL develops tests test methods reference data proof-of-concept implementations and technical analyses to advance the development and productive use of information technology. ITL s responsibilities include the development of management administrative technical and physical standards and guidelines for the cost-effective security and privacy of non-national-security-related information in federal information systems. This Special Publication 800 series reports on ITL s research guidelines and outreach efforts in information system security and its collaborative activities with industry government and academic organizations. ii Authority This document has been developed by the National Institute of Standards and Technology NIST to further respond to its statutory responsibilities under the Federal Information Security Management Act of 2002 Public Law 107-347. NIST is responsible for developing standards and guidelines including minimum requirements for providing adequate information security for all agency operations and assets but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget OMB Circular A-130 .