Annual Computer Security Applications Conference (ACSAC) 2012


TR3: Risk Assessment using NIST SP 800-30 and SP 800-39

Thursday, 6 December 2012
13:30 - 15:00


Risk assessments are an essential tool for organizations to employ as part of a comprehensive risk management program. The risk assessment guidance in NIST SP 800-30 includes in-depth information on a wide variety of risk factors essential to determining information security risk (e.g., threat sources and events, vulnerabilities and predisposing conditions, impact, and likelihood of threat occurrence). A three-step process is described, covering key activities to prepare for risk assessments, activities to conduct risk assessments successfully, and approaches to maintain the currency of assessment results. The guidance also describes how to apply the process at the three tiers of the risk management hierarchy: the organization level, the mission/business process level, and the information system level. The objectives of risk assessment are to:
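The following is an added worked example and is not part of the tutorial materials or of NIST's publications. It builds a small semi-quantitative risk register: each entry records a threat source, threat event, vulnerability and predisposing condition for an information system (tier 3), combines the likelihood of threat event initiation with the likelihood of adverse impact to get an overall likelihood, combines that with impact to get a level of risk, rolls the results up to the mission/business process and organization tiers, and flags entries whose assessment is too old to be considered current. The five-level scales and the two combination tables are modelled on the semi-quantitative scales in SP 800-30 Rev. 1 Appendices G and I, but the exact cell values, the 365-day currency window, the entry names and the sample register are this example's own assumptions; check them against the publication before reusing them.

```python
"""Semi-quantitative risk register in the style of NIST SP 800-30 Rev. 1.

Added example, not NIST or tutorial code. The table contents below are
assumptions modelled on SP 800-30 Rev. 1 Tables G-5 and I-2; verify them
against the publication before use.
"""
from dataclasses import dataclass
from datetime import date

LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Overall likelihood from (likelihood of threat event initiation -> row,
# likelihood of adverse impact given initiation -> column). Assumed values.
OVERALL_LIKELIHOOD = {
    "Very High": ["Low", "Moderate", "High", "Very High", "Very High"],
    "High":      ["Low", "Moderate", "Moderate", "High", "Very High"],
    "Moderate":  ["Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Moderate", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Low", "Low", "Low"],
}

# Level of risk from (overall likelihood -> row, level of impact -> column).
RISK_LEVEL = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


def overall_likelihood(initiation: str, impact_given_initiation: str) -> str:
    return OVERALL_LIKELIHOOD[initiation][LEVELS.index(impact_given_initiation)]


def risk_level(likelihood: str, impact: str) -> str:
    return RISK_LEVEL[likelihood][LEVELS.index(impact)]


@dataclass(frozen=True)
class RiskEntry:
    entry_id: str
    system: str                  # tier 3: information system
    process: str                 # tier 2: mission/business process
    threat_source: str
    threat_event: str
    vulnerability: str
    predisposing_condition: str
    likelihood_initiation: str   # likelihood the source initiates the event
    likelihood_impact: str       # likelihood the event causes adverse impact
    impact: str
    assessed_on: date

    def __post_init__(self):
        # Reject ratings outside the scale instead of silently mis-scoring.
        for value in (self.likelihood_initiation, self.likelihood_impact, self.impact):
            if value not in LEVELS:
                raise ValueError(f"{self.entry_id}: unknown rating {value!r}")


def assess(entry: RiskEntry) -> dict:
    """Tier 3 assessment of one threat event / vulnerability pair."""
    lik = overall_likelihood(entry.likelihood_initiation, entry.likelihood_impact)
    return {"id": entry.entry_id, "likelihood": lik, "risk": risk_level(lik, entry.impact)}


def roll_up(entries, key) -> dict:
    """Aggregate to a higher tier: the highest risk among entries sharing a key."""
    worst = {}
    for e in entries:
        k, r = key(e), assess(e)["risk"]
        if k not in worst or LEVELS.index(r) > LEVELS.index(worst[k]):
            worst[k] = r
    return worst


def organization_risk(entries) -> str:
    """Tier 1 view: the highest risk anywhere in the register."""
    return max((assess(e)["risk"] for e in entries), key=LEVELS.index)


def stale_entries(entries, as_of: date, max_age_days: int = 365) -> list:
    """Maintenance step: entries whose results are too old to be current."""
    return [e.entry_id for e in entries if (as_of - e.assessed_on).days > max_age_days]


# Constructed sample register (hypothetical systems and ratings).
REGISTER = [
    RiskEntry("R-001", "HR portal", "Payroll", "External attacker", "SQL injection via web form",
              "Unvalidated input in search handler", "Internet facing",
              "High", "High", "High", date(2011, 11, 1)),
    RiskEntry("R-002", "HR portal", "Payroll", "Privileged insider", "Bulk export of employee records",
              "No export logging", "Shared admin account",
              "Low", "Very High", "Very High", date(2012, 6, 1)),
    RiskEntry("R-003", "Visitor kiosk", "Visitor check-in", "Walk-in user", "Tampering with kiosk browser",
              "Unlocked kiosk mode", "Unattended lobby placement",
              "Very High", "Low", "Low", date(2012, 1, 15)),
]

if __name__ == "__main__":
    for e in REGISTER:
        print(assess(e))
    print("by system:", roll_up(REGISTER, lambda e: e.system))
    print("by process:", roll_up(REGISTER, lambda e: e.process))
    print("organization:", organization_risk(REGISTER))
    print("stale as of 2012-12-06:", stale_entries(REGISTER, date(2012, 12, 6)))
```

Taking the maximum when rolling up is deliberately conservative: a mission process inherits the worst risk of any system supporting it, which is the usual starting point before an organization decides which risks it will accept, mitigate, share or avoid.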

Dr. Marshall D. Abrams is a Principal Scientist at MITRE, McLean. He holds two patents and has taught cyber security courses on six continents. He received the BSEE from Carnegie Institute of Technology and the MSEE and Ph.D. from the University of Pittsburgh. While at the (then) National Bureau of Standards he received the Department of Commerce Silver Medal Award. He received two awards from the Federal Aviation Administration for contributions to its Information Systems Security Program. He continues to contribute to NIST standards and guidelines concerning cyber security and to FAA cyber security.

