Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Managing Information Security Risk: Organization, Mission, and Information System View



Shirley M. Radack


This bulletin summarizes the information presented in NIST Special Publication (SP) 800-39, Integrated Enterprise-Wide Risk Management: Organization, Mission and Information System View. This publication was developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, the Intelligence Community, NIST, and the Committee on National Security Systems. SP 800-39 provides a structured, yet flexible approach for managing risk that is supported by other NIST security standards and guidelines. The bulletin discusses the contents of the publication, explains the basic concepts and components of risk management, and describes a three-tiered risk management approach that allows organizations to establish an enterprise-wide risk management strategy as part of their governance structure. References are provided to additional sources of information on risk management.
ITL Bulletin -


confidentiality, cyber security, enterprise architecture, Federal Information Processing Standards, Federal Information Security Management Act, FISMA, information security, information security architecture, information security risk, information systems, Joint Task Force Transformation Initiative, NIST Special Publications, risk assessments, risk management, Risk Management Framework, security controls, security plans, security requirements, security risks, threats, vulnerabilities


Radack, S. (2011), Managing Information Security Risk: Organization, Mission, and Information System View, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed April 16, 2024)
Created March 22, 2011, Updated January 27, 2020