The National Institute of Standards and Technology (NIST) has released a final version of its risk assessment guidelines. The new publication is called Guide for Conducting Risk Assessments - and that is all that it focuses on.
It covers the four elements of a standard risk assessment: threats, vulnerabilities, impact to missions and business operations, and the likelihood of threat exploitation of vulnerabilities in information systems and their physical environment to cause harm. Amazing how boring they can make it sound.
NIST says the guide is designed for organizations large and small, so it may be worth a look in spite of the stodgy language. Hat tip to our colleague and friend Alan Goldberg.