Tuesday, 27 September 2011

NIST Releases Guide for Conducting Risk Assessments

National Institute of Standards and Technology (NIST) has released the Guide for Conducting Risk Assessments (NIST Special Publication 800-30, Revision 1).

As threats to cyber systems grow more and more complex, risk assessments help companies determine appropriate responses to mitigate risks to their organizations, guide investment strategies and maintain ongoing situational awareness of the state of their systems.

Overall guidance for risk assessment for information security can be found in Managing Information Security Risk: Organization, Mission, and Information System View (NIST SP 800-39).