If you are looking for a risk management guide there are several references text to choose from. NIST SP 800-37, Risk Management Framework, ISO 31000:2009 Risk Management, ISACA RISK IT Framework, and ITSG-33 are all pretty good risk management guides
NIST SP 800-37, Guide for Applying the Risk Management
The US federal government uses NIST SP 800-37. The Defense Department uses DIARMF on which this site is based and DIARMF is based on NIST SP 800-37. The document is comprehensive and branches in to several other documents: NIST SP 800-39, Risk Management Security, NIST SP 800-30, Risk Assessment, NIST SP 800-53, Security controls and many others. The NIST risk management guides were developed by National Institute of Standards and Technology (NIST) in collaboration with the Office of the Director of National Intelligence (ODNI), the Department of Defense (DOD), and the Committee on National Security Systems (CNSS).
ISO 31000:2009 Risk Management Guide
ISO 31000:2009, Risk Management is a practical guide designed for any organization. Designed by the International Organization for Standardization (ISO) 31000: 2009 offers a robust open standard for risk management framework.
ISACA Risk IT Framework provides complete end to end guide for risk management of information technology addressing security threats exploiting asset vulnerabilities for corporations.
ITSG – IT Security Risk Management guide
Created by the Government of Canada’s, the ITSG is a IT Security Risk management guide ITSG-33 covers roles, responsibilities and activities of the Canadian risk management.
Leave a Reply
You must be logged in to post a comment.