This bulletin summarizes the information presented in NIST Special Publication (SP) 800-39, Integrated Enterprise-Wide Risk Management: Organization, Mission and Information System View. This publication was developed by the Joint Task Force Transformation Initiative, a joint partnership among the Department of Defense, the Intelligence Community, NIST, and the Committee on National Security Systems. SP 800-39 provides a structured, yet flexible approach for managing risk that is supported by other NIST security standards and guidelines. The bulletin discusses the contents of the publication, explains the basic concepts and components of risk management, and describes a three-tiered risk management approach that allows organizations to establish an enterprise-wide risk management strategy as part of their governance structure. References are provided to additional sources of information on risk management.
Keywords: confidentiality, cyber security, enterprise architecture, Federal Information Processing Standards, Federal Information Security Management Act, FISMA, information security, information security architecture, information security risk, information systems, Joint Task Force Transformation Initiative, NIST Special Publications, risk assessments, risk management, Risk Management Framework, security controls, security plans, security requirements, security risks, threats, vulnerabilities