NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
NIST SP 800-30 Risk Management Guide for Information Technology Systems
on Saturday 21 January 2006 print the content item {PDF=create pdf file of the content item^plugin:content.40}
in NIST.gov Publications > Special Publications - SP 800 series

Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission, from IT-related risk.

Download NIST Special Publication 800-30

Please use the NIST.org Forum to ask questions or discuss this document. Members can use the comment link below for short comments about this publication.


(The below SP 800-40 description is from NIST.gov, edited)

An effective risk management process is an important component of a successful IT security program. The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

The SP 800-30 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright).



NIST Special Publication # 800-30


Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2000-0088 (office, office_converter_pack, powerpoint, word)
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows ...
»CVE-2003-0003 (windows_2000, windows_2000_terminal_services, windows_nt, windows_xp)
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Ser ...
»CVE-2003-0820 (word, works)
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not prope ...
»CVE-2003-0821 (word, works)
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadshe ...
»CVE-2006-2356 (whatsup)
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...
»CVE-2006-2387 (office)
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel View ...
»CVE-2006-3449 (powerpoint)
Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, all ...
»CVE-2006-3650 (office)
Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a ...
»CVE-2006-3876 (office)
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
»CVE-2006-5331 (linux_kernel)
The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before ...
»CVE-2008-4446 (nucleus)
Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attack ...
»CVE-2009-1198 (juddi)
Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to injec ...
»CVE-2011-1935 (libpcap)
pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is ...
»CVE-2012-1622 (ofbiz)
Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecifi ...
»CVE-2012-4567 (letodms)
Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow r ...


Date published: 2017-11-17T23:00:08Z
Details

»Holiday Scams and Malware Campaigns
Original release date: November 16, 2017 | Last revised: November 17, 2017 US-CERT reminds us ...
»Oracle Releases Security Alert
Original release date: November 16, 2017 Oracle has released a security alert to address mult ...
»Cisco Releases Security Update
Original release date: November 15, 2017 Cisco has released a security update to address a vu ...
»Mozilla Releases Security Updates
Original release date: November 14, 2017 Mozilla has released security updates to address mul ...
»Microsoft Releases November 2017 Security Updates
Original release date: November 14, 2017 Microsoft has released updates to address vulnerabil ...
»Adobe Releases Security Updates
Original release date: November 14, 2017 Adobe has released security updates to address vulne ...
»Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
Original release date: November 09, 2017 Microsoft has released an advisory that provides gui ...
»Joomla! Releases Security Update
Original release date: November 07, 2017 Joomla! has released version 3.8.2 of its Content Ma ...
»Google Releases Security Update for Chrome
Original release date: November 06, 2017 Google has released Chrome version 62.0.3202.89 for ...
»Cisco Releases Security Update for IOS XE Software
Original release date: November 03, 2017 Cisco has released a security update to address a vu ...


Date published: not known
Details

»Standalone product test: FireEye Endpoint
Virus Bulletin ran a standalone test on FireEye's Endpoint Security ...
»VB2017 video: Consequences of bad security in health care
Jelena Milosevic, a nurse with a passion for IT security, is unique ...
»Vulnerabilities play only a tiny role in the security risks that come with mobile phones
Both bad news (all devices were pwnd) and good news (pwning is incr ...
»VB2017 paper: The (testing) world turned upside down
At VB2017 in Madrid, industry veteran and ESET Senior Research Fell ...
»VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel
Trickbot, a banking trojan which appeared this year, seems to be a ...
»Paper: FAME - Friendly Malware Analysis Framework
Today, we publish a short paper in which CERT Société Générale pres ...
»Ebury and Mayhem server malware families still active
Ebury and Mayhem, two families of Linux server malware, about which ...
»VB2017 paper: Crypton - exposing malware's deepest secrets
Crypton, a tool developed by F5 Networks researchers Julia Karpin a ...
»VB2017 paper: The sprawling market of consumer spyware
For many people, the threat of an abusive partner or ex-partner is ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» Holiday Scams and Malware Campaigns
[16 Nov 2017 06:41pm]

» Oracle Releases Security Alert
[16 Nov 2017 02:39pm]

» Cisco Releases Security Update
[15 Nov 2017 10:24am]

» Mozilla Releases Security Updates
[14 Nov 2017 01:36pm]

» Microsoft Releases November 2017 Security Updates
[14 Nov 2017 11:50am]

» Adobe Releases Security Updates
[14 Nov 2017 10:41am]

» Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
[09 Nov 2017 01:19pm]

» Joomla! Releases Security Update
[07 Nov 2017 09:40am]

» Google Releases Security Update for Chrome
[06 Nov 2017 03:50pm]

» Cisco Releases Security Update for IOS XE Software
[03 Nov 2017 02:35pm]

***
US-CERT Alerts

» TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer
[14 Nov 2017 12:00pm]

» TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL
[14 Nov 2017 11:09am]

» TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors
[20 Oct 2017 04:50pm]

» TA17-181A: Petya Ransomware
[30 Jun 2017 11:41pm]

» TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
[13 Jun 2017 09:45am]

» TA17-163A: CrashOverride Malware
[12 Jun 2017 03:44pm]

» TA17-156A: Reducing the Risk of SNMP Abuse
[05 Jun 2017 06:11pm]

» TA17-132A: Indicators Associated With WannaCry Ransomware
[12 May 2017 07:36pm]

» TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
[27 Apr 2017 04:50pm]

» TA17-075A: HTTPS Interception Weakens TLS Security
[16 Mar 2017 06:40am]

***
Computerworld Security

» Strong and stable: The iOS security guide
[17 Nov 2017 09:36am]

» Patch alert: Microsoft acknowledges printer bug; forced 1709 upgrades continue
[17 Nov 2017 07:06am]

» Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans
[15 Nov 2017 11:52am]

» 11% off August Smart Lock Pro With Connect Bundle - Deal Alert
[15 Nov 2017 07:46am]

» Lock it down: The macOS security guide
[15 Nov 2017 07:11am]

» ‘Hey Siri, buy $100 Bitcoin for the burglar guy’
[14 Nov 2017 07:08am]

» Ransomware marketplaces and the future of malware | Salted Hash Ep 6
[13 Nov 2017 05:00am]

» The top 5 problems with blockchain
[10 Nov 2017 04:11am]

» Mingis on Tech: The iPhone X – best phone for business, or best phone ever?
[09 Nov 2017 03:15pm]

» Android security audit: An 11-step checklist
[09 Nov 2017 10:36am]

» 15% off APC 11-Outlet Surge Protector with USB Charging Ports and SurgeArrest - Deal Alert
[08 Nov 2017 06:35am]

» What is blockchain? The most disruptive tech in decades
[07 Nov 2017 06:06pm]

» When Google Play Protect fails
[07 Nov 2017 09:34am]

» Temporarily turn off Windows Automatic Update
[07 Nov 2017 04:35am]

» Microsoft yanks buggy Windows patches KB 4052233, 4052234, 4052235
[06 Nov 2017 07:39am]

***
Microsoft Security Advisories

» 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 1.0
[08 Nov 2017 11:00am]

» 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
[08 Aug 2017 11:00am]

» 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
[27 Jun 2017 11:00am]

» 4025685 - Guidance related to June 2017 security update release - Version: 1.0
[13 Jun 2017 11:00am]

» 4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
[12 May 2017 11:00am]

» 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
[12 May 2017 11:00am]

» 4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1
[10 May 2017 11:00am]

» 4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
[09 May 2017 11:00am]

» 3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[14 Mar 2017 11:00am]

» 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
[27 Jan 2017 11:00am]

» 3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
[10 Jan 2017 11:00am]

» 3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
[13 Sep 2016 11:00am]

» 3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
[13 Sep 2016 11:00am]

» 3179528 - Update for Kernel Mode Blacklist - Version: 1.0
[09 Aug 2016 11:00am]

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

***
Security Latest

» Everything Attorney General Jeff Sessions Has Forgotten Under Oath
[17 Nov 2017 10:03am]

» Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera
[16 Nov 2017 05:00am]

» The Vulnerabilities Equities Process Still Has Issues Even After Added Transparency
[15 Nov 2017 05:33pm]

» OnePlus Phones Have an Unfortunate Backdoor Built In
[14 Nov 2017 02:57pm]

» How to Lock Down Your Facebook Privacy Settings
[14 Nov 2017 07:10am]

» Inside the Decades-Long Fight for Better Emergency Alerts
[14 Nov 2017 06:00am]

» Watch a 10-Year-Old Beat Apple's Face ID on His Mom's iPhone X
[14 Nov 2017 05:00am]

» How One Woman's Digital Life Was Weaponized Against Her
[14 Nov 2017 04:00am]

» Donald Trump Jr. and WikiLeaks Talking Privately on Twitter Makes Perfect Sense
[13 Nov 2017 09:14pm]

» Hackers Claim to Break Face ID a Week After iPhone X Release
[12 Nov 2017 04:44pm]

» Donald Trump’s Taxes Have Probably Already Been Hacked
[12 Nov 2017 05:00am]

» $280M Worth of Ethereum Is Trapped Thanks to a Dumb Bug
[11 Nov 2017 05:00am]

» Facebook Isn't Listening Through Your Phone's Microphone. It Doesn't Have To
[10 Nov 2017 08:45am]

» Department of Defense's 'Hack the Pentagon' Bug Bounty Program Helps Fix Thousands of Bugs
[10 Nov 2017 05:00am]

» How Journalists Fought Back Against Crippling Email and Subscription Bombs
[09 Nov 2017 05:00am]

***
Network World Security

» Docs should help design medical IoT
[17 Nov 2017 05:04am]

» 11% off August Smart Lock Pro With Connect Bundle - Deal Alert
[15 Nov 2017 07:46am]

» Forrester predicts what’s next for IoT
[14 Nov 2017 08:17am]

» What to consider when deploying a next-generation firewall
[08 Nov 2017 11:51am]

» 7 free tools every network needs
[15 Aug 2017 01:52pm]

» Gravityscan, keeping WordPress sites safe
[24 May 2017 02:34pm]

» Network monitoring tools: Features users love and hate
[01 May 2017 04:51am]

» Book Review: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
[27 Apr 2017 12:45pm]

» Fight firewall sprawl with AlgoSec, Tufin, Skybox suites
[10 Apr 2017 04:32am]

» Review: Canary Flex security camera lives up to its name
[24 Mar 2017 07:01am]

» Zix wins 5-vendor email encryption shootout
[13 Mar 2017 04:00am]

» Review: vArmour flips security on its head
[06 Mar 2017 03:50am]

» 5 open source security tools too good to ignore
[21 Feb 2017 07:12am]

» 11% off August Smart Lock Pro With Connect Bundle - Deal Alert
[15 Nov 2017 07:46am]

» Forrester predicts what’s next for IoT
[14 Nov 2017 08:17am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}