Citation

NIST, Risk Management Guide for Information Technology Systems (NIST Special Publication 800-30) (July 2002) (full-text).

Overview

This guide provides a foundation for the development of an effective risk management program, containing both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. It also provides information on the selection of cost-effective security controls that can be used to mitigate risk for the better protection of mission-critical information and the IT systems that process, store, and carry this information.

The ultimate goal is to help organizations to better manage IT-related mission risks.
