Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

TR3: Risk Assessment using NIST SP 800-30 and SP 800-39

Thursday, 6 December 2012
15:30 - 16:50


Risk Assessments are an essential tool for organizations to employ as part of a comprehensive risk management program. The risk assessment guidance includes in-depth information on a wide variety of risk factors essential to determining information security risk (e.g., threat sources and events, vulnerabilities and predisposing conditions, impact, and likelihood of threat occurrence). A three-step process is described including key activities to prepare for risk assessments, activities to successfully conduct risk assessments, and approaches to maintain the currency of assessment results. Guidance also describes how to apply the process at the three tiers in the risk management hierarchy – the organization level, mission/business process level, and information system level.  The objectives of risk assessment are to:


Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC