| Author(s): |
Ross, R. S.; |
| Title: |
Guide for Conducting Risk Assessments |
| Published: |
September 17, 2012 |
| Abstract: |
The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying out each of the three steps in the risk assessment process (i.e., prepare for the assessment, conduct the assessment, and maintain the assessment) and how risk assessments and other organizational risk management processes complement and inform each other. |
| Citation: |
NIST SP - 800-30rev1 |
| Keywords: |
risk management; risk assessment; monitoring risk; analysis approach; tier 1, 2, 3; RMF; risk model; threat sources |
| Research Areas: |
Information Technology, Computer Security |
| PDF version: |
 Click here to retrieve PDF version of paper (821 K) |
