NIST Special Publication 800-30

Citation
NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems (July 2002) (full-text.)

Overview
This guide provides a foundation for the development of an effective risk management program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. The ultimate goal is to help organizations to better manage IT-related mission risks.