U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Managing Information Security Risk: Organization, Mission, and Information System View

Published

Author(s)

Ronald S. Ross

Abstract

The purpose of Special Publication 800-39 is to provide guidance for an integrated, organization-wide program for managing information security risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems. Special Publication 800-39 provides a structured, yet flexible approach for managing information security risk that is intentionally broad-based, with the specific details of assessing, responding to, and monitoring risk on an ongoing basis provided by other supporting NIST security standards and guidelines. The guidance provided in this publication is not intended to replace or subsume other risk-related activities, programs, processes, or approaches that organizations have implemented or intend to implement addressing areas of risk management covered by other legislation, directives, policies, programmatic initiatives, or mission/business requirements. Rather, the information security risk management guidance described herein is complementary to and can be used as part of a more comprehensive Enterprise Risk Management (ERM) program.
Citation
Special Publication (NIST SP) - 800-39
Report Number
800-39
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

Local Download

Keywords

risk management, security, risk assessment, roles, responsibilities, organization, mission, information system, enterprise risk management, continuous monitoring, joint task force transformation initiative.
Information technology

Citation

Ross, R. (2011), Managing Information Security Risk: Organization, Mission, and Information System View, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=908030 (Accessed November 20, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created March 1, 2011, Updated February 19, 2017