NIST SP800-128 2011 (†732) Johnson, Arnold, et al. Guide for Security-Focused Configuration Management of Information Systems: SP 800-128 (National Institute of Standards and Technology, 2011).
- adequate security (p. 6): It is incumbent upon the organization to implement its directives in a manner that provides adequate security for protecting information and information systems. As threats continue to evolve in an environment where organizations have finite resources with which to protect themselves, security has become a risk-based activity where the operational and economic costs of ensuring that a particular threat does not exploit a vulnerability are balanced against the needs of the organization’s mission and business processes. (†1679)