NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
NIST SP 800-30 Risk Management Guide for Information Technology Systems
on Saturday 21 January 2006 print the content item {PDF=create pdf file of the content item^plugin:content.40}
in NIST.gov Publications > Special Publications - SP 800 series

Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission, from IT-related risk.

Download NIST Special Publication 800-30

Please use the NIST.org Forum to ask questions or discuss this document. Members can use the comment link below for short comments about this publication.


(The below SP 800-40 description is from NIST.gov, edited)

An effective risk management process is an important component of a successful IT security program. The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

The SP 800-30 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright).



NIST Special Publication # 800-30


Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2016-0875 (edr_g903_firmware)
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and l ...
»CVE-2016-0876
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passw ...
»CVE-2016-0877 (edr_g903_firmware)
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a ...
»CVE-2016-0878 (edr_g903_firmware)
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of servic ...
»CVE-2016-0879
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log file ...
»CVE-2016-0907
EMC Isilon OneFS 7.1.x anxd 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8 ...
»CVE-2016-1379 (adaptive_security_appliance_software)
Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing ...
»CVE-2016-1404 (ucs_invicta_c3124sa_appliance)
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same ...
»CVE-2016-1409
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3. ...
»CVE-2016-1410 (webex_meeting_center)
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive informa ...
»CVE-2016-1413 (firepower_management_center)
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authentic ...
»CVE-2016-1999 (release_control)
The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary c ...
»CVE-2016-2023
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified v ...
»CVE-2016-2025 (service_manager)
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to ob ...
»CVE-2016-2285 (miineport_e1_4641_firmware, miineport_e1_7080_firmware, miineport_e2_1242_firmware, miineport_e2_4561_firmware, miineport_e3_firmware)
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1. ...


Date published: 2016-06-01T04:50:00Z
Details

»Google Releases Security Update for Chrome
Original release date: May 26, 2016 Google has released Chrome version 51.0.2704.63 to addres ...
»Adobe Releases Security Update for Adobe Connect
Original release date: May 23, 2016 Adobe has released a security update to address a vulnera ...
»VMware Releases Security Updates
Original release date: May 18, 2016 VMware has released security updates to address vulnerabi ...
»Cisco Releases Security Updates
Original release date: May 18, 2016 Cisco has released security updates to address vulnerabil ...
»Symantec Releases Security Update
Original release date: May 16, 2016 Symantec has released Anti-Virus Engine 20151.1.1.4 to ad ...
»Apple Releases Multiple Security Updates
Original release date: May 16, 2016 Apple has released security updates for tvOS, iOS, watchO ...
»Adobe Releases Security Updates for Flash Player
Original release date: May 12, 2016 Adobe has released security updates to address vulnerabil ...
»Google Releases Security Update for Chrome
Original release date: May 11, 2016 Google has released Chrome version 50.0.2661.102 to addre ...
»Adobe Releases Security Updates
Original release date: May 10, 2016 | Last revised: May 11, 2016 Adobe has released security ...
»Microsoft Releases May 2016 Security Bulletin
Original release date: May 10, 2016 Microsoft has released 16 updates to address vulnerabilit ...


Date published: not known
Details

»Virus Bulletin's job site for recruiters and job seekers
Virus Bulletin has relaunched its security job vacancy service and ...
»Throwback Thursday: One_Half: The Lieutenant Commander?
In October 1994, a new multi-partite virus appeared, using some of ...
»Advertisements on Blogspot sites lead to support scam
Support scam pop-ups presented through malicious advertisements sho ...
»To make Tor work better on the web, we need to be honest about it
Many websites put barriers in front of visitors who use the Tor net ...
»Paper: How It Works: Steganography Hides Malware in Image Files
A new paper by CYREN researcher Lordian Mosuela takes a close look ...
»Paying a malware ransom is bad, but telling people to never do it is unhelpful advice
The current ransomware plague is one of the worst threats the Inter ...
»VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers
In his VB2015 paper, Martin Korman presented his 'VolatilyBot' tool ...
»VB2016 programme announced, registration opened
We have announced 37 papers (and four reserve papers) that will be ...
»New tool helps ransomware victims indentify the malware family
The people behind the MalwareHunterTeam have released a tool that h ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» Google Releases Security Update for Chrome
[26 May 2016 11:15am]

» Adobe Releases Security Update for Adobe Connect
[23 May 2016 01:44pm]

» VMware Releases Security Updates
[18 May 2016 03:20pm]

» Cisco Releases Security Updates
[18 May 2016 12:30pm]

» Symantec Releases Security Update
[16 May 2016 09:37pm]

» Apple Releases Multiple Security Updates
[16 May 2016 04:32pm]

» Adobe Releases Security Updates for Flash Player
[12 May 2016 11:39am]

» Google Releases Security Update for Chrome
[11 May 2016 03:59pm]

» Adobe Releases Security Updates
[10 May 2016 01:10pm]

» Microsoft Releases May 2016 Security Bulletin
[10 May 2016 01:07pm]

***
US-CERT Alerts

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

» TA16-091A: Ransomware and Recent Variants
[31 Mar 2016 04:00pm]

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

» TA15-286A: Dridex P2P Malware
[13 Oct 2015 05:23am]

» TA15-240A: Controlling Outbound DNS Access
[28 Aug 2015 11:31am]

» TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
[01 Aug 2015 04:01pm]

» TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities
[14 Jul 2015 05:13pm]

***
Computerworld Security

» Privacy Shield needs improvement, says EU privacy watchdog
[31 May 2016 02:00pm]

» 65M Tumblr account records are up for sale on the underground market
[31 May 2016 07:55am]

» Review: New tools to fight insider threats
[31 May 2016 05:38am]

» Crying ‘Wolf!’ seems to work for security
[31 May 2016 05:00am]

» Pwned: 65 million Tumblr accounts, 40 million from Fling, 360 million from MySpace
[30 May 2016 07:17am]

» WordPress plug-in flaw puts over 1M websites at risk
[30 May 2016 07:00am]

» Iran orders messaging apps to store data of in-country users
[30 May 2016 06:40am]

» Malware links SWIFT breaches at banks to N. Korean hackers
[27 May 2016 11:01am]

» Senate proposal to require encryption workarounds may be dead
[27 May 2016 10:25am]

» New JavaScript spam wave distributes Locky ransomware
[27 May 2016 08:19am]

» What is MAREA? Oh, just an epic shift that changes everything
[27 May 2016 05:18am]

» Up to a dozen banks are reportedly investigating potential SWIFT breaches
[26 May 2016 02:14pm]

» Senators want warrant protections for U.S. email stored overseas
[26 May 2016 11:57am]

» Celebrity hacker Guccifer's confession gives us all a lesson in security
[26 May 2016 11:14am]

» IoT security is getting its own crash tests
[26 May 2016 05:09am]

***
Microsoft Security Advisories

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 11:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 11:00am]

» 3057154 - Update to Harden Use of DES Encryption - Version: 1.1
[08 Dec 2015 11:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 11:00am]

» 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
[30 Nov 2015 11:00am]

» 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0
[10 Nov 2015 11:00am]

» 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 2.0
[13 Oct 2015 11:00am]

» 2960358 - Update for Disabling RC4 in .NET TLS - Version: 2.0
[13 Oct 2015 11:00am]

***
WIRED

» Hack Brief: Your Old Myspace Account Just Came Back to Haunt You
[31 May 2016 02:58pm]

» How the Top 5 PC Makers Open Your Laptop to Hackers
[31 May 2016 07:00am]

» The Romanian Teen Hacker Who Hunts Bugs to Resist the Dark Side
[31 May 2016 05:00am]

» Security News This Week: Apple Hires a Crypto Guru for Future Battles With the Feds
[28 May 2016 05:00am]

» This Map Tracks Where Governments Hack Activists and Reporters
[26 May 2016 05:00am]

» A Car’s Computer Can ‘Fingerprint’ You in Minutes Based on How You Drive
[25 May 2016 10:24am]

» Security News This Week: Russia’s FindFace Face-Recognition App Is a Privacy Nightmare
[21 May 2016 05:00am]

» Gay Dating Apps Promise Privacy, But Leak Your Exact Location
[20 May 2016 05:00am]

» Chelsea Manning’s Appeal Took Three Years to File. Here’s Why
[19 May 2016 05:49pm]

» New Surveillance System May Let Cops Use All of the Cameras
[19 May 2016 05:00am]

***
Network World Security

» You've been warned: FCC emphasizes that users of authorized wireless gear must obey rules
[31 May 2016 10:01pm]

» How to craft a security awareness program that works
[31 May 2016 02:09pm]

» OEM software update tools preloaded on PCs are a security mess
[31 May 2016 12:59pm]

» Shadow IT 101: Beyond convenience vs. security
[31 May 2016 11:15am]

» Review: Hot new tools to fight insider threats
[31 May 2016 04:00am]

» 3 top tools to fight insider threats
[31 May 2016 04:00am]

» SIEM review: Splunk, ArcSight, LogRhythm and QRadar
[09 May 2016 02:00pm]

» What users love (and hate) about 4 leading firewall solutions
[25 Apr 2016 01:48pm]

» 10 no-cost home security mobile apps worth a download
[01 Apr 2016 06:39am]

» 7 VPN services for hotspot protection
[14 Mar 2016 04:00am]

» Review: Consider VPN services for hotspot protection
[14 Mar 2016 04:00am]

» Review: 5 application security testing tools compared
[01 Mar 2016 01:29pm]

» Skyport eases the pain of deploying and securing remote servers
[29 Feb 2016 04:00am]

» OEM software update tools preloaded on PCs are a security mess
[31 May 2016 12:59pm]

» Tor Browser 6.0: Ditches SHA-1 support, uses DuckDuckGo for default search results
[31 May 2016 09:18am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}