NIST drafts guidance on risk management

This was released about a week ago and it's only a draft. But it might be an interesting read anyway.

NIST announces the release of the initial public draft of Special Publication 800-39, Managing Risk from Information Systems: An Organizational Perspective.

This publication provides guidelines for managing risk to organizational operations, organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of information systems. Special Publication 800-39 is the flagship document in the series of FISMA-related publications developed by NIST and provides a disciplined, structured, flexible, extensible, and repeatable approach for managing that portion of risk resulting from the incorporation of information systems into the mission and business processes of the organization.

Comments will be accepted through December 14, 2007. Email comments to: sec-cert@nist.gov

URL to DRAFTS page:

URL to PDF file for Draft SP 800-39:
