ENTERPRISE ASSURANCE PORTAL
CONDUCTING RISK ASSESSMENTS
INTRODUCTION
Organizations depend on information technology (IT) to successfully carry out their missions and business functions. IT can include diverse entities ranging from office networks, financial and personnel systems to specialized systems (e.g., process control, weapons, telecommunications, and environmental control systems). Information systems are subject to serious threats that can have adverse effects on organizational operations and assets, individuals, other organizations, and the Nation by exploiting both known and unknown vulnerabilities to compromise the confidentiality, integrity, or availability of the information being processed, stored, or transmitted by those systems. Threats to information systems can include purposeful attacks, environmental disruptions, human/machine errors, and structural failures, and can result in harm to the national and economic security interests of the United States. Therefore, it is imperative that leaders and managers at all levels understand their responsibilities and are held accountable for managing information security risk—that is, the risk associated with the operation and use of information systems that support the missions and business functions of their organizations.
The contents of our Risk Assessment/Management offering reflect guidelines from NIST SP 800-30 and NIST SP 800-53, with user-friendly tools to implement these guidelines.
Security Begins and Ends with You!