Welcome to Scribd!

Risk Management Guide For Information Technology Systems: NIST 800-30

Uploaded by

0% found this document useful (0 votes)

72 views9 pages

The NIST 800-30 document provides recommendations for establishing an effective risk management program for information technology systems. It describes a risk management methodology that involves three key processes: risk assessment to identify risks, risk mitigation to reduce risks to an acceptable level, and evaluation and assessment to monitor ongoing risks. The goal is to help organizations better protect their IT systems and mission while enabling management to make well-informed risk-based decisions.

Original Description:

Original Title

NIST800_30_Presentation

Copyright

Available Formats

PPT, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

72 views9 pages

Risk Management Guide For Information Technology Systems: NIST 800-30

Uploaded by

Stephenandres

Copyright:

Available Formats

Download as PPT, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 9

Search inside document

NIST 800-30

Risk Management Guide for

Information Technology Systems
Recommendations of the National
Institute of Standards and Technology
Gary Stoneburner, Alice Goguen, & Alexia Feringa

Reference: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

Jump to first page

Risk Management (RM)

RM – the process of identifying risk,
assessing risk, and taking steps to reduce
risk to an acceptable level.

Goal – To protect the organization and its
ability to perform their mission, not just its
IT assets.

Thus, RM is an essential management
function of the organization.

Jump to first page

Objectives of RM
To enable accomplishment of mission by:
 Better secure IT systems
 Management making well-informed decisions
 Assist management in authorizing (or
accrediting) the IT systems on the basis of the
supporting documentation.

Jump to first page

Purpose of 800-30

Special Publication July 2002


This guide provides a foundation for the
development of an effective RM program,
containing both the definitions and the
practical guidance necessary for
assessing and mitigating risks identified
by IT systems.

Jump to first page

Components in 800-30
This RM guide describes the RM methodology,
how it fits into each phase of the SDLC, and
how the RM process is tied to the process of
system authorization (or accreditation). It
involves 3 processes:
 Risk Assessment (what is my risk?)
 Risk Mitigation (what am I going to do about it?)
 Evaluation & Assessment (How did I do?)

Jump to first page

Risk Assessment

Step 1: System Characterization

Step 2: Threat Identification.

Step 3: Vulnerability Identification.

Step 4: Control Analysis.

Step 5: Likelihood Determination

Step 6: Impact Analysis.

Step 7: Risk Determination

Step 8: Control Recommendations

Step 9: Results Documentation

Jump to first page

Risk Mitigation

Senior management and functional & business
managers to use least cost approach, implement
most appropriate controls to decrease mission
risk to acceptable level, with minimal adverse
impact on organization’s resources and mission.

Risk Mitigation options are:
 Risk Assumption
 Risk Avoidance
 Risk Limitation
 Risk Transference
 Risk Planning
 Research and Acknowledgement

Jump to first page

Evaluation & Assessment

RM process is ongoing and evolving.

Emphasizes good practice, need ongoing
risk evaluation & assessment and factors
to successful RM program.

Scheduled, periodic re-assessing and
mitigating mission risks

Flexible to allow changes when warranted

Repeated every 3 years for for federal
agencies, per OMB A-130

Jump to first page

THE END

Jump to first page

ISO 27001 2013 Requirementwise Documents List
Document8 pages
ISO 27001 2013 Requirementwise Documents List
Christen Castillo
50% (2)
Afa 708 Midterm Notes
Document8 pages
Afa 708 Midterm Notes
Mariam Siddiqui
No ratings yet
ERMA EBA - Reading Material Module 3 - Principles of Risk Management
Document49 pages
ERMA EBA - Reading Material Module 3 - Principles of Risk Management
Bagas Nurfazar
No ratings yet
National Detergents Oman New
Document14 pages
National Detergents Oman New
Rizwan Hameed
0% (1)
Risk Management 1
Document41 pages
Risk Management 1
Amit Agarwal
100% (2)
Risk Management Key Notes
From Everand
Risk Management Key Notes
Muhammad Zeeshan Ali
No ratings yet
Risk Analysis in IT
Document24 pages
Risk Analysis in IT
api-19916368
No ratings yet
Riskmanagement
Document18 pages
Riskmanagement
Amirul 'Ariff Abdul Manaf
No ratings yet
Week 9
Document36 pages
Week 9
Mithilesh Ramgolam
No ratings yet
NIST SP800-30 Approach To Risk Assessment
Document6 pages
NIST SP800-30 Approach To Risk Assessment
Babby Boss
No ratings yet
A. Material 1) Failure Modes and Effect Analysis: I. Aterial and Ethod
Document7 pages
A. Material 1) Failure Modes and Effect Analysis: I. Aterial and Ethod
Lilamala Lilavelika
No ratings yet
Importance of Risk Management
Document15 pages
Importance of Risk Management
rizalajie wiyono
No ratings yet
Risk Assessment and Management
Document11 pages
Risk Assessment and Management
Amor Dianne Arat
100% (2)
What Is Risk Analysis
Document3 pages
What Is Risk Analysis
Javeed A. Khan
No ratings yet
IISITv6p595 615nikolic673 PDF
Document21 pages
IISITv6p595 615nikolic673 PDF
Jack Misterouffe
No ratings yet
What Is A Risk Assessment - Definition From
Document3 pages
What Is A Risk Assessment - Definition From
Javeed A. Khan
No ratings yet
RM 2 - Risk Assessment
Document28 pages
RM 2 - Risk Assessment
Anishka
No ratings yet
RM 2 - Risk Assessment
Document28 pages
RM 2 - Risk Assessment
Anishka
No ratings yet
Hassan Akber (Ce-022)
Document14 pages
Hassan Akber (Ce-022)
Hassaan Akber
No ratings yet
Risk Rank Filter Training Guide
Document9 pages
Risk Rank Filter Training Guide
ravellababu
No ratings yet
Risk Management Through New FMEA AIAG VDA Trainingforparticipant
Document94 pages
Risk Management Through New FMEA AIAG VDA Trainingforparticipant
deniss walgat
No ratings yet
Fihil Services Detailed Brochure
Document47 pages
Fihil Services Detailed Brochure
Neil T
No ratings yet
CSSLP 2016 Notes
Document26 pages
CSSLP 2016 Notes
parul154
No ratings yet
The 3 Essential Capabilities Needed For Operational Risk Management
Document4 pages
The 3 Essential Capabilities Needed For Operational Risk Management
RajAnand
No ratings yet
KEYWORDS: Risk Management, ISO 31000:2009, Information Technology, Risk, Threat
Document6 pages
KEYWORDS: Risk Management, ISO 31000:2009, Information Technology, Risk, Threat
Atul Arora
No ratings yet
Risk Is A Function of The Likelihood of A Given Threat-Source's Exercising A Particular Potential Vulnerability, and The Resulting Impact of That Adverse Event On The Organization
Document4 pages
Risk Is A Function of The Likelihood of A Given Threat-Source's Exercising A Particular Potential Vulnerability, and The Resulting Impact of That Adverse Event On The Organization
sulabhsingh85
No ratings yet
Risk-Based Audit Methodology Apply To Organization's IT Risk Management
Document26 pages
Risk-Based Audit Methodology Apply To Organization's IT Risk Management
Jorge L. Merchán
No ratings yet
Enterprise Risk Management Risk Management Metrics and Risk
Document17 pages
Enterprise Risk Management Risk Management Metrics and Risk
Ildefonso Jacinto
No ratings yet
Risk Mitigation Process in SAP IAG 1710210280
Document14 pages
Risk Mitigation Process in SAP IAG 1710210280
gadesiger
No ratings yet
#Resource 1
Document12 pages
#Resource 1
Tania Julia
No ratings yet
Running Head: Risk Management Framework Overview 1
Document18 pages
Running Head: Risk Management Framework Overview 1
api-389071319
No ratings yet
Comparison Between ISO 27005
Document6 pages
Comparison Between ISO 27005
Indrian Wahyudi
No ratings yet
COSO-ERM Risk Assessment InPractice Thought Paper OCtober 2012
Document28 pages
COSO-ERM Risk Assessment InPractice Thought Paper OCtober 2012
Jorge Miranda
100% (1)
Term Paper - Risk Management in IT Projects
Document26 pages
Term Paper - Risk Management in IT Projects
ankur_saini_17
100% (2)
Security Risk Management - Approaches and Methodology
Document13 pages
Security Risk Management - Approaches and Methodology
ep230842
No ratings yet
Risk Assessment Frameworks: Rodney Petersen Government Relations Officer Security Task Force Coordinator Educause
Document23 pages
Risk Assessment Frameworks: Rodney Petersen Government Relations Officer Security Task Force Coordinator Educause
Piyush Gupta
No ratings yet
Project Management: Lecture Notes
Document30 pages
Project Management: Lecture Notes
kaushiki shukla
No ratings yet
Large Scale Information System Upgrade - A Case Study: Sumit Dayal
Document1 page
Large Scale Information System Upgrade - A Case Study: Sumit Dayal
sumitdayal
No ratings yet
Safety and Risk
Document16 pages
Safety and Risk
Vidula K
No ratings yet
Scenario-Based (IT) Risk Assessment & Management: Peter R. Bitterli, CISA, CISM, CGEIT
Document106 pages
Scenario-Based (IT) Risk Assessment & Management: Peter R. Bitterli, CISA, CISM, CGEIT
fawas hamdi
100% (1)
Risk Management FOR Hospital Management System
Document9 pages
Risk Management FOR Hospital Management System
Ojo Solomon
No ratings yet
Risk Management Approach For ISO27001
Document3 pages
Risk Management Approach For ISO27001
Canal Hannas
No ratings yet
Handout - FMEA - For Participants - ECI
Document94 pages
Handout - FMEA - For Participants - ECI
Ahmad Bin Ismail Khan
No ratings yet
"Risks in Information System ": Prepared By: Manoj Kumar Attri 23-MBA-2011
Document26 pages
"Risks in Information System ": Prepared By: Manoj Kumar Attri 23-MBA-2011
Amit Pal Singh
No ratings yet
CISSP - 1 Information Security & Risk Management
Document60 pages
CISSP - 1 Information Security & Risk Management
jonty509
No ratings yet
Risk-Management-Guide-Cso-2010 - Sample
Document17 pages
Risk-Management-Guide-Cso-2010 - Sample
Johnson Joshiraj Paul Jeyaraj
No ratings yet
Security Risk Management
Document28 pages
Security Risk Management
Krishna Chaitanya
No ratings yet
Unit 15
Document13 pages
Unit 15
koupibyt
No ratings yet
ISO 9001 Process Procedure QPP-061-1 Risks and Opportunities
Document5 pages
ISO 9001 Process Procedure QPP-061-1 Risks and Opportunities
imran shaukat
No ratings yet
Enterprise Risk Management 1s Sessinal Assgnment
Document10 pages
Enterprise Risk Management 1s Sessinal Assgnment
Sameer Xalkho
No ratings yet
Assignment Risk Management
Document5 pages
Assignment Risk Management
Himanshu Jain
No ratings yet
Risk Management Unit 4-1
Document13 pages
Risk Management Unit 4-1
Mohammad Moazzam Hussain
No ratings yet
Riskmanagement Process
Document61 pages
Riskmanagement Process
Nugi Dragneel
No ratings yet
Risk Management Principles
Document2 pages
Risk Management Principles
mostafa
No ratings yet
Module 3 CG 2022
Document18 pages
Module 3 CG 2022
Parikshit Mishra
No ratings yet
Intelie Ebook Dra 2022
Document15 pages
Intelie Ebook Dra 2022
Mariana Bonina
No ratings yet
Important Definations - Risk Managment
Document11 pages
Important Definations - Risk Managment
omer
No ratings yet
MODULE 8 - RMIC Rev01
Document37 pages
MODULE 8 - RMIC Rev01
Liza Mae Miranda
No ratings yet
SEI Risk MGT Framework
Document20 pages
SEI Risk MGT Framework
Aleksander Wyka
No ratings yet
TPDDL Risk Management ISO 31000
Document22 pages
TPDDL Risk Management ISO 31000
apoorva seth
No ratings yet
The Essential Qualities of Best-Practice ERM: Presenters
Document36 pages
The Essential Qualities of Best-Practice ERM: Presenters
pressbureau
No ratings yet
APPLIED SAFETY HW Due Tomorrow 12-14-2010
Document15 pages
APPLIED SAFETY HW Due Tomorrow 12-14-2010
Robert Ivan Herrera
No ratings yet
APPENDIX 6 - OMAS Contractor Pre-Qualification Questionnaire - 2.0
Document20 pages
APPENDIX 6 - OMAS Contractor Pre-Qualification Questionnaire - 2.0
Timuçin Öztürk
No ratings yet
Risk Calculations, Assessments & Rating - What Is A Risk Rating
Document5 pages
Risk Calculations, Assessments & Rating - What Is A Risk Rating
VPF Stephen
No ratings yet
Chapter 6 Event Marketing
Document9 pages
Chapter 6 Event Marketing
Gowtham Sg
No ratings yet
Risk Management For Medical Devices and The New BS EN ISO 14971
Document25 pages
Risk Management For Medical Devices and The New BS EN ISO 14971
Sandra Milena Sanabria Barrera
No ratings yet
Risk Management Plan
Document29 pages
Risk Management Plan
01095902062ahmed
No ratings yet
Microbiological Quality and Safety in Dairy Industry Book
Document216 pages
Microbiological Quality and Safety in Dairy Industry Book
ziza20 Ziza
No ratings yet
SITXWHS006 Learner Guide
Document115 pages
SITXWHS006 Learner Guide
tai20052001
No ratings yet
Linking Risk MGMNT To Bizstrategy-Process-Ops and Reporting KPMG PDF
Document28 pages
Linking Risk MGMNT To Bizstrategy-Process-Ops and Reporting KPMG PDF
etyonez
No ratings yet
07-Hazardous Manual Handling Module
Document2 pages
07-Hazardous Manual Handling Module
Sayed Abbas
No ratings yet
Artigo - RBI
Document17 pages
Artigo - RBI
Ielson Freire
No ratings yet
7 Gym Safety Handout Notes)
Document6 pages
7 Gym Safety Handout Notes)
Mark O Connell
No ratings yet
Construction - Method Statement Format - I Whattam 2007
Document2 pages
Construction - Method Statement Format - I Whattam 2007
alaa
No ratings yet
BISHA Magazine, Vol1, 2017
Document20 pages
BISHA Magazine, Vol1, 2017
TesfaNews
67% (3)
Guidance Note For CRA
Document1 page
Guidance Note For CRA
kartik paul
100% (1)
Jacking Procedurefor Construction of Tanks NEW
Document9 pages
Jacking Procedurefor Construction of Tanks NEW
Vikram Rangasamy
No ratings yet
Quality Risk Management Principles and Industry Case Studies December 28 2008
Document9 pages
Quality Risk Management Principles and Industry Case Studies December 28 2008
George Litu
No ratings yet
Element IA6: Risk Control Short Questions
Document5 pages
Element IA6: Risk Control Short Questions
rahularen
No ratings yet
Health Safety Craft Breweries Distilleries bk164 PDF en PDF
Document76 pages
Health Safety Craft Breweries Distilleries bk164 PDF en PDF
Jai Andales
No ratings yet
Jha - de Spading Activities For N2 Purging
Document4 pages
Jha - de Spading Activities For N2 Purging
Nasrullah
100% (1)
DNV Audit Programme
Document5 pages
DNV Audit Programme
Đường Một Chiều
No ratings yet
RA For Demolition of Substation or Workshop.
Document9 pages
RA For Demolition of Substation or Workshop.
Sajid
No ratings yet
MTBE Risk Assessment
Document292 pages
MTBE Risk Assessment
Bruno Oliveira
No ratings yet
(2004) Wahl - Uncertainty of Predictions of Embankment Dam Breach Parameters PDF
Document9 pages
(2004) Wahl - Uncertainty of Predictions of Embankment Dam Breach Parameters PDF
Abraham FIgueroa ARevalo
No ratings yet
Topic 2 Job Safety Analysis & Hirarc
Document65 pages
Topic 2 Job Safety Analysis & Hirarc
rie
No ratings yet
API RBI Training Course Slides r4
Document78 pages
API RBI Training Course Slides r4
sajeed76740
No ratings yet
Vacant PHD Topics
Document18 pages
Vacant PHD Topics
Peeran Ditta
No ratings yet
Achieving Zero Accidents
Document5 pages
Achieving Zero Accidents
Salih Erdem
No ratings yet
1 - Unit 5 - Assignment 2 Frontsheet
Document34 pages
1 - Unit 5 - Assignment 2 Frontsheet
Tran Quang Thang FGW DN
No ratings yet