
NIST Guidance addresses computer security risk assessment.

September 21, 2012 - Released by NIST, Guide for Conducting Risk Assessments (SP 800-30, Revision 1) can provide senior leaders and executives with information needed to understand and make decisions about information security risks and IT infrastructures. Guidance covers 4 elements: threats, vulnerabilities, impact to missions and business operations, and likelihood of threat exploitation of vulnerabilities in information systems and their physical environment to cause harm or adverse consequences.

New NIST Publication Provides Guidance for Computer Security Risk Assessments


(Archive News Story - Products mentioned in this Archive News Story may or may not be available from the manufacturer.)

National Institute of Standards & Technology
100 Bureau Dr., Stop 1070
Gaithersburg, MD, 20899-1070
USA



Press release date: September 18, 2012

The National Institute of Standards and Technology (NIST) has released a final version of its risk assessment guidelines that can provide senior leaders and executives with the information they need to understand and make decisions about their organization's current information security risks and information technology infrastructures.

"Risk assessments are an important tool for managers," explains Ron Ross, NIST fellow and one of the authors of Guide for Conducting Risk Assessments. "With the increasing breadth and depth of cyber attacks on federal information systems and the U.S. critical infrastructure, risk assessments provide important information to guide and inform the selection of appropriate defensive measures so organizations can respond effectively to cyber-related risks."

Information technology risks include risk to the organization's operations (including, for example, missions and reputation), its critical assets such as data and physical property, and individuals who are part of or served by the organization. In some cases, these risks extend to the nation as a whole. Risk assessments are part of an organization's total risk management process.

In March 2011, NIST released Managing Information Security Risk: Organization, Missions and Information System View (NIST Special Publication 800-39)*, which describes the process for managing information security risk for federal agencies and contractors. That process includes framing risk, assessing risk, responding to risk and monitoring risk over time.

The new publication, Guide for Conducting Risk Assessments, focuses exclusively on risk assessment—the second step in the information security risk management process. The guidance covers the four elements of a classic risk assessment: threats, vulnerabilities, impact to missions and business operations, and the likelihood of threat exploitation of vulnerabilities in information systems and their physical environment to cause harm or adverse consequences.

"As the size and complexity of our collective IT infrastructure grows, we cannot protect everything we own or manage to the highest degree," says Ross. "Risk assessments show us where we are most at risk. It provides a way to decide where managers should focus their attention."

The risk assessment guidance is designed to meet the needs of a variety of organizations, large and small, including financial institutions, health care providers, software developers, manufacturing companies, military planners and operators, and law enforcement groups.

The Guide for Conducting Risk Assessments (SP 800-30, Revision 1) completes the original series of five key computer security documents envisioned by the Joint Task Force—a partnership of NIST, the Department of Defense, the Office of the Director of National Intelligence and the Committee on National Security Systems—to create a unified information security framework for the federal government. SP 800-39 is also in this series.

The guide is available at www.nist.gov/manuscript-publication-search.cfm?pub_id=912091.

* SP 800-39 is available at www.nist.gov/manuscript-publication-search.cfm?pub_id=908030.

Media Contact: Evelyn Brown, evelyn.brown@nist.gov, 301-975-5661