Click here to read the interview as a PDF.

• The Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the not-for-profit International Information Systems Security Certification Consortium, commonly known as (ISC2). The CISSP recommend specific risk assessment and management procedures and strategies.

• The National Institute of Standards and Technology (NIST) The NIST computer security division has a Special Publication Series, SP800 with magnificent recommendation and suggested practices to ensure stable, secure systems.  The following two are particularly helpful resources for performing a risk assessment:
  • NIST SP 800-39
    (Draft) “Managing Risk from Information Systems: An Organizational Perspective”
  • NIST SP 800-30
    “Risk Management Guide for Information Technology Systems”
• OCTAVE®
  This stands for CERT’s Operationally Critical Threat, Asset, and Vulnerability Evaluation^SM, which comes in the form of the OCTAVE Allegro method, a streamlined process used for information asset risk evaluation

The central database is typically referred to as the ‘registry’, and it provides registration service and management functionality to registrars through a secure interface. These registrars, such GoDaddy, 1&1, or Network Solutions, in turn provide a web interface to the registrant. The registrant is the individual or business that ‘owns’ the domain name and can administer it through their interface.

The supply chain looks a little like this from a very high level:

There is often an optional layer between the registrant and the registrar, called a reseller.