http://gcn.com/articles/2012/09/21/nist-risk-assessment-guide.aspx

By William Jackson
GCN.com
Sep 21, 2012

The National Institute of Standards and Technology has released revised guidelines for risk assessment, outlining updated steps for establishing risk-based security in federal information systems.

Risk assessment is identifying, estimating and prioritizing the risks to an organization’s operations and assets so that they can be effectively addressed. Special Publication 800-30 Rev. 1, Guide for Conducting Risk Assessments, is the last of five documents initially planned by an interagency task force to help harmonize IT security requirements across civilian agencies, the military and the intelligence communities.

The significance of the effort is enormous, said Ron Ross, a NIST fellow in the Computer Security Division.

“For the first time in over four decades we are moving toward a common information security framework for all government,” Ross said. “It’s going to take a while to get all of the documents operationalized, but the transition is well under way.”

[...]

Received on Mon Sep 24 2012 - 01:29:25 PDT