Category:NIST SP 800-39

From FISMApedia
Revision as of 04:40, 3 March 2011 by DanPhilpott (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Table of Contents

FRONT MATTER
CHAPTER ONE INTRODUCTION
1.1 PURPOSE AND APPLICABILITY
1.2 TARGET AUDIENCE
1.3 RELATED PUBLICATIONS
1.4 ORGANIZATION OF THIS SPECIAL PUBLICATION
CHAPTER TWO THE FUNDAMENTALS
2.1 COMPONENTS OF RISK MANAGEMENT
2.2 MULTITIERED RISK MANAGEMENT
2.3 TIER ONE--ORGANIZATION VIEW
2.4 TIER TWO--MISSION/BUSINESS PROCESS VIEW
2.5 TIER THREE--INFORMATION SYSTEMS VIEW
2.6 TRUST AND TRUSTWORTHINESS
2.7 ORGANIZATIONAL CULTURE
2.8 RELATIONSHIP AMONG KEY RISK CONCEPTS
CHAPTER THREE THE PROCESS
3.1 FRAMING RISK
3.2 ASSESSING RISK
3.3 RESPONDING TO RISK
3.4 MONITORING RISK
APPENDIX A REFERENCES
APPENDIX B GLOSSARY
APPENDIX C ACRONYMS
APPENDIX D ROLES AND RESPONSIBILITIES
APPENDIX E RISK MANAGEMENT PROCESS TASKS
APPENDIX F GOVERNANCE MODELS
APPENDIX G TRUST MODELS
APPENDIX H RISK RESPONSE STRATEGIES


Prologue

"...Through the process of risk management, leaders must consider risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations..."
"...For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations..."
"...Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other domain..."


-- THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS

OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF DEFENSE


Sources