800-30 RISK MANAGEMENT GUIDE FOR INFORMATION TECHNOLOGY SYSTEMS

What is NIST 800-30?

The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments. It provides a foundation for the development of an effective risk management program, contains the definitions and practical guidance for assessing and mitigating risks, and provides information on the selection of cost-effective security controls. Risk assessments, carried out at all three tiers in the risk management hierarchy, are part of an overall risk management process that gives senior leaders and executives the information needed to determine appropriate courses of action in response to identified risks.

Why is it important for you?

Achieving and maintaining compliance protects your business from fines and penalties, and ultimately keeps clients, partners, and upper management satisfied. The results of your risk assessment guide your remediation and risk management efforts going forward.


Who should attend?

  • Senior Management
  • Chief Information Officer (CIO)
  • System and information owners
  • Business and Functional Managers
  • ISSO (responsible for security programs, including risk management)
  • IT Security Practitioners
  • Security Awareness Trainers

Learning Objectives

  • Prepare for assessment by identifying scope
  • Identify threat sources
  • Identify vulnerabilities
  • Determine likelihood of threat events occurring
  • Determine magnitude of impact of threat events
  • Determine risk (likelihood combined with magnitude of threat events)
  • Communicate results
  • Monitor risk factors going forward
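The assessment steps listed above, carried through as a small worked example. This code is added here and is not part of the course page or of NIST SP 800-30 itself: it combines qualitative likelihood and impact levels into a risk level, builds a risk register for communicating results, and re-assesses one entry when a risk factor changes. The five-level scales, the cell values of the combination matrix, and the sample threat events are constructed for illustration and only approximate the publication's appendix tables.

```python
"""Qualitative risk determination in the style of NIST SP 800-30.

Added example, not from the publication or the course page. The scales,
the combination matrix and the sample events below are constructed and
approximate, rather than reproduce, the publication's appendix tables.
"""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Five-level qualitative scale used for likelihood, impact and risk.
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Row = likelihood level, column = impact level (in LEVELS order),
# cell = resulting risk level. Constructed matrix: at high likelihood the
# impact dominates; at low likelihood the risk is capped even for severe impact.
RISK_MATRIX = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


@dataclass
class ThreatEvent:
    """One row of the assessment: what could happen, caused by whom, via which weakness."""
    event: str
    threat_source: str      # step: identify threat sources
    vulnerability: str      # step: identify vulnerabilities
    likelihood: str         # step: likelihood the event occurs (one of LEVELS)
    impact: str             # step: magnitude of impact if it does (one of LEVELS)


def risk_level(likelihood: str, impact: str) -> str:
    """Step: risk determination. Combine likelihood and impact via the matrix."""
    if likelihood not in LEVELS or impact not in LEVELS:
        raise ValueError(f"likelihood and impact must be one of {LEVELS}")
    return RISK_MATRIX[likelihood][LEVELS.index(impact)]


def assess(events: List[ThreatEvent]) -> List[Tuple[ThreatEvent, str]]:
    """Step: communicate results. Return a register sorted highest risk first."""
    register = [(e, risk_level(e.likelihood, e.impact)) for e in events]
    register.sort(key=lambda pair: LEVELS.index(pair[1]), reverse=True)
    return register


def reassess(event: ThreatEvent,
             likelihood: Optional[str] = None,
             impact: Optional[str] = None) -> Tuple[ThreatEvent, str]:
    """Step: monitor risk factors. Re-evaluate one event after a factor changes,
    e.g. likelihood drops once a mitigating control is in place."""
    updated = replace(event,
                      likelihood=likelihood or event.likelihood,
                      impact=impact or event.impact)
    return updated, risk_level(updated.likelihood, updated.impact)


# Constructed sample threat events for a hypothetical system (not real findings).
SAMPLE_EVENTS = [
    ThreatEvent("Phishing leads to credential theft", "External adversary",
                "No multi-factor authentication on remote access", "High", "High"),
    ThreatEvent("Unpatched web server is exploited", "External adversary",
                "Missing security patches", "Very High", "Very High"),
    ThreatEvent("Power outage at the data center", "Environmental",
                "No backup generator", "Low", "High"),
    ThreatEvent("Administrator error deletes records", "Insider (accidental)",
                "No change review process", "Moderate", "Moderate"),
]


def report(events: List[ThreatEvent]) -> List[str]:
    """Format the register as one line per event, highest risk first."""
    return [f"{risk:<9} {e.event} [{e.threat_source} / {e.vulnerability}]"
            for e, risk in assess(events)]


if __name__ == "__main__":
    for line in report(SAMPLE_EVENTS):
        print(line)
    # Monitoring: after patching, the web-server event's likelihood is reduced.
    _, new_risk = reassess(SAMPLE_EVENTS[1], likelihood="Low")
    print("Web server risk after patching:", new_risk)
```

The register is deliberately qualitative: the matrix encodes the judgement that a very unlikely event should not be rated as top risk purely because its impact is severe, which is the kind of rule an assessment team documents up front (the "prepare for assessment" step) so that results are comparable across systems.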

Benefits of NIST 800-30

NIST 800-30 brings with it many benefits, including knowledge of:

  • Analysis approach
  • Monitoring risk
  • Risk assessment
  • Risk management
  • Risk Management Framework (RMF)
  • Risk model
  • Threat sources

General Information

NIST standards are based on best practices from several security documents, organizations, and publications, and are designed as a framework for federal agencies and programs requiring stringent security measures.