Accession Number PB2012-114865
Title Guide for Conducting Risk Assessments.
Publication Date Sep 2012
Media Count 95p
Personal Author N/A
Abstract The guidance in the revised publication has been significantly expanded to include more information on a variety of risk factors essential to determining information security risk, such as threat sources and events, vulnerabilities and predisposing conditions, impact, and likelihood of threat occurrence. The publication describes a three-step process to help organizations prepare for risk assessments, successfully conduct risk assessments and keep assessment results up to date. Guide for Conducting Risk Assessments also describes how to apply the risk assessment process at the three tiers of the risk management hierarchy outlined in Special Publication 800-39. Sample templates, tables and assessment scales for common risk factors are provided for users to adapt to their own organizational risk assessments based on the purpose, scope, assumptions, and constraints of the assessments.
Keywords Assessments
Information systems
Information technology
Private sector
Public sector
Risk management


 
Source Agency National Institute of Standards and Technology
NTIS Subject Category 70B - Management Practice
88B - Information Systems
Corporate Author National Inst. of Standards and Technology (ITL), Gaithersburg, MD. Computer Security Div.
Document Type Technical report
Title Note N/A
NTIS Issue Number 1226
Contract Number N/A
