Publication Citation: Guide for Conducting Risk Assessments

Author(s): Ronald S. Ross
Title: Guide for Conducting Risk Assessments
Published: September 17, 2012
Abstract: The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying out each of the three steps in the risk assessment process (i.e., prepare for the assessment, conduct the assessment, and maintain the assessment) and how risk assessments and other organizational risk management processes complement and inform each other. [Supersedes SP 800-30 (July 2002): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151254]
Citation: Special Publication (NIST SP) - 800-30 Rev 1
Pages: 95 pp.
Keywords: analysis approach, monitoring risk, risk assessment, risk management, Risk Management Framework, risk model, RMF, threat sources
Research Areas: Information Technology, Computer Security
DOI: http://dx.doi.org/10.6028/NIST.SP.800-30r1