NIST Special Publication 800-39 Managing Information Security Risk

Book excerpt: This is a Hard copy of the NIST Special Publication 800-39, Managing InformationSecurity Risk Recommendations of the National Institute of Standards and Technology.NIST Special Publication 800-39 is the flagship document in the series of information securitystandards and guidelines developed by NIST in response to FISMA. The purpose of SpecialPublication 800-39 is to provide guidance for an integrated, organization-wide program formanaging information security risk to organizational operations (i.e., mission, functions, image,and reputation), organizational assets, individuals, other organizations, and the Nation resultingfrom the operation and use of federal information systems. Special Publication 800-39 provides a structured, yet flexible approach for managing risk that is intentionally broad-based, with the specific details of assessing, responding to, and monitoring risk on an ongoing basis provided by other supporting NIST security standards and guidelines. The guidance provided in this publication is not intended to replace or subsume other risk-related activities, programs, processes, or approaches that organizations have implemented or intend to implement addressing areas of risk management covered by other legislation, directives, policies, programmatic initiatives, or mission/business requirements. Rather, the risk management guidance described herein is complementary to and should be used as part of a more comprehensive Enterprise Risk Management (ERM) program.Disclaimer This hardcopy is not published by National Institute of Standards and Technology (NIST), the US Government or US Department of Commerce. The publication of this document should not in any way imply any relationship or affiliation to the above named organizations and Government.