NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
NIST SP 800-30 Risk Management Guide for Information Technology Systems
on Saturday 21 January 2006 print the content item {PDF=create pdf file of the content item^plugin:content.40}
in NIST.gov Publications > Special Publications - SP 800 series

Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission, from IT-related risk.

Download NIST Special Publication 800-30

Please use the NIST.org Forum to ask questions or discuss this document. Members can use the comment link below for short comments about this publication.


(The below SP 800-40 description is from NIST.gov, edited)

An effective risk management process is an important component of a successful IT security program. The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

The SP 800-30 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright).



NIST Special Publication # 800-30


Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2014-9862 (mac_os_x)
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and ...
»CVE-2015-5738
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II ...
»CVE-2015-8946
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from acti ...
»CVE-2016-0635 (documaker, enterprise_manager_ops_center, health_sciences_information_manager, healthcare_master_person_index, insurance_calculation_engine, insurance_policy_administration_j2ee, insurance_rules_palette, primavera_contract_management, primavera_p6_enterprise_project_portfolio_management, retail_integration_bus, retail_order_broker_cloud_service)
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manage ...
»CVE-2016-1705 (chrome)
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a ...
»CVE-2016-1706 (chrome)
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC me ...
»CVE-2016-1707 (chrome)
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensu ...
»CVE-2016-1708 (chrome)
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome ...
»CVE-2016-1709 (chrome, sfntly)
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly befor ...
»CVE-2016-1710 (chrome)
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as use ...
»CVE-2016-1711 (chrome)
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, do ...
»CVE-2016-1863 (apple_tv, iphone_os, mac_os_x, watchos)
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2 ...
»CVE-2016-1865 (apple_tv, iphone_os, mac_os_x, watchos)
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2 ...
»CVE-2016-3451 (integrated_lights_out_manager_firmware)
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3 ...
»CVE-2016-3481 (integrated_lights_out_manager_firmware)
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3 ...


Date published: 2016-07-27T04:50:04Z
Details

»Google Releases Security Update for Chrome
Original release date: July 21, 2016 Google has released Chrome version 52.0.2743.82 to addre ...
»Cisco Releases Security Update
Original release date: July 20, 2016 | Last revised: July 25, 2016 Cisco has released a secur ...
»Oracle Releases Security Bulletin
Original release date: July 19, 2016 Oracle has released its Critical Patch Update for July 2016 to address 276 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review the Oracle July 2016 Critical Patch Update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
»Drupal Releases Security Advisory
Original release date: July 18, 2016 Drupal has released an advisory to address a vulnerabili ...
»Apple Releases Multiple Security Updates
Original release date: July 18, 2016 Apple has released security updates for iTunes, Safari, ...
»Cisco Releases Security Updates
Original release date: July 14, 2016 Cisco has released security updates to address vulnerabi ...
»Microsoft Releases Security Updates
Original release date: July 12, 2016 Microsoft has released 11 updates to address vulnerabili ...
»Adobe Releases Security Updates
Original release date: July 12, 2016 Adobe has released security updates to address vulnerabi ...
»Cisco Releases Security Updates
Original release date: June 30, 2016 Cisco has released security updates to address vulnerabi ...
»Symantec Releases Security Updates
Original release date: June 29, 2016 Symantec has released security updates to address vulner ...


Date published: not known
Details

»It's 2016. Can we stop using MD5 in malware analyses?
While there are no actually risks involved in using MD5s in malware ...
»Throwback Thursday: Holding the Bady
In 2001, ‘Code Red’ caused White House administrators to change the ...
»Paper: The Journey of Evasion Enters Behavioural Phase
A new paper by FireEye researcher Ankit Anubhav provides an overvie ...
»Guest blog: Espionage toolkit uncovered targeting Central and Eastern Europe
Recently, ESET researchers uncovered a new espionage toolkit target ...
»Avast acquires AVG for $1.3bn
Anti-virus vendor Avast has announced the acquisition of its rival ...
»Throwback Thursday: You Are the Weakest Link, Goodbye!
Passwords have long been a weak point in the security chain, despit ...
»Paper: New Keylogger on the Block
In a new paper published by Virus Bulletin, Sophos researcher Gabor ...
»BSides Denver to take place the day after VB2016
VB2016, the 26th International Virus Bulletin conference, is an exc ...
»VB2015 paper: DDoS Trojan: A Malicious Concept that Conquered the ELF Format
In their VB2015 paper, Peter Kálnai and Jaromír Hořejší look at the ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» Google Releases Security Update for Chrome
[21 Jul 2016 11:27am]

» Cisco Releases Security Update
[20 Jul 2016 10:29am]

» Oracle Releases Security Bulletin
[19 Jul 2016 04:07pm]

» Drupal Releases Security Advisory
[18 Jul 2016 03:23pm]

» Apple Releases Multiple Security Updates
[18 Jul 2016 03:13pm]

» Cisco Releases Security Updates
[14 Jul 2016 07:09am]

» Microsoft Releases Security Updates
[12 Jul 2016 05:06pm]

» Adobe Releases Security Updates
[12 Jul 2016 10:55am]

» Cisco Releases Security Updates
[30 Jun 2016 05:35am]

» Symantec Releases Security Updates
[29 Jun 2016 09:40am]

***
US-CERT Alerts

» TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities
[05 Jul 2016 08:50am]

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

» TA16-091A: Ransomware and Recent Variants
[31 Mar 2016 04:00pm]

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

» TA15-286A: Dridex P2P Malware
[13 Oct 2015 05:23am]

» TA15-240A: Controlling Outbound DNS Access
[28 Aug 2015 11:31am]

» TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
[01 Aug 2015 04:01pm]

***
Computerworld Security

» Surefire security fail: One. App. At. A. Time.
[27 Jul 2016 05:00am]

» FBI to lead nation's cyberattack responses
[26 Jul 2016 02:21pm]

» SMS-based two-factor authentication may be headed out the door
[26 Jul 2016 01:26pm]

» Kimpton Hotels is investigating a possible payment card breach
[26 Jul 2016 11:26am]

» Verizon's Yahoo deal creates a tracking powerhouse
[26 Jul 2016 11:01am]

» Cyberespionage group sets its sights on multiple industries
[26 Jul 2016 09:12am]

» U.S. and EU tech companies at sea with end of data Safe Harbor
[26 Jul 2016 06:25am]

» Cybersecurity firm offers users reimbursement for ransomware infections
[26 Jul 2016 05:57am]

» FBI probes DNC hack for Russian involvement
[25 Jul 2016 06:26pm]

» Here are the key security features arriving with Windows 10 next week
[25 Jul 2016 04:19pm]

» Schneier: Next president may face IoT cyberattack that causes people to die
[25 Jul 2016 10:54am]

» Devices with Qualcomm modems safe from critical ASN.1 flaw
[25 Jul 2016 10:18am]

» IDG Contributor Network: StackPath launches to build singular system for secure internet
[25 Jul 2016 10:00am]

» Ransomware protection -- what you may be missing
[25 Jul 2016 09:45am]

» Tricks that ransomware uses to fool you
[23 Jul 2016 05:00am]

***
Microsoft Security Advisories

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 11:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 11:00am]

» 3057154 - Update to Harden Use of DES Encryption - Version: 1.1
[08 Dec 2015 11:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 11:00am]

» 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
[30 Nov 2015 11:00am]

» 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0
[10 Nov 2015 11:00am]

» 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 2.0
[13 Oct 2015 11:00am]

» 3042058 - Update to Default Cipher Suite Priority Order - Version: 1.1
[13 Oct 2015 11:00am]

***
WIRED

» WikiLeaks Has Officially Lost the Moral High Ground
[27 Jul 2016 06:00am]

» Radio Hack Steals Keystrokes from Millions of Wireless Keyboards
[26 Jul 2016 07:30am]

» 11 Police Robots Patrolling Around the World
[24 Jul 2016 05:00am]

» The KickassTorrents Case Could Be Huge
[22 Jul 2016 07:00am]

» How the Republican Convention Fends Off Hackers
[21 Jul 2016 07:55am]

» Snowden Designs a Device to Warn if Your iPhone’s Radios Are Snitching
[21 Jul 2016 07:01am]

» How the RNC Would Handle a Worst-Case Scenario Like a Bio or Chemical Attack
[21 Jul 2016 05:00am]

» Now You Can Hide Your Smart Home on the Darknet
[20 Jul 2016 02:57pm]

» WikiLeaks Dumps ‘Erdogan Emails’ After Turkey’s Failed Coup
[19 Jul 2016 03:59pm]

» A New Service Alerts You When Someone Uses Your Social Security Number
[19 Jul 2016 07:00am]

***
Network World Security

» How to avoid burnout
[27 Jul 2016 06:08am]

» Will the Olympics ‘payment ring’ jumpstart NFC demand?
[27 Jul 2016 06:06am]

» 9 must-have 'smart' gadgets for your connected office
[27 Jul 2016 06:04am]

» IDG Contributor Network: Identity Finder rebrands and comes out with a fear-inducing report
[27 Jul 2016 06:00am]

» Review: Promisec goes the extra step to secure PCs
[13 Jul 2016 06:21am]

» 4 tools for managing firewall rules
[07 Jul 2016 11:03am]

» 10 advanced endpoint protection tools
[05 Jul 2016 04:00am]

» How to buy endpoint security products
[05 Jul 2016 04:00am]

» 7 trends in advanced endpoint protection
[05 Jul 2016 04:00am]

» 10 cutting-edge tools that take endpoint security to a new level
[05 Jul 2016 04:00am]

» Buyer’s Guide to 9 multi-factor authentication products
[06 Jun 2016 04:00am]

» 5 trends shaking up multi-factor authentication
[06 Jun 2016 04:00am]

» 9-vendor authentication roundup: The good, the bad and the ugly
[06 Jun 2016 04:00am]

» In light of increased cyberattacks, White House sets defense plan with FBI in charge
[26 Jul 2016 05:48pm]

» SMS-based two-factor authentication may be headed out the door
[26 Jul 2016 12:48pm]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}