NIST SP 800-39 Appendix E
From FISMApedia
APPENDIX E
RISK MANAGEMENT PROCESS TASKS
SUMMARY OF TASKS FOR STEPS IN THE RISK MANAGEMENT PROCESS
| TASK | TASK DESCRIPTION |
| Step 1: Risk Framing | |
| TASK 1-1 RISK ASSUMPTIONS | Identify assumptions that affect how risk is assessed, responded to, and monitored within the organization. |
| TASK 1-2 RISK CONSTRAINTS | Identify constraints on the conduct of risk assessment, risk response, and risk monitoring activities within the organization. |
| TASK 1-3 RISK TOLERANCE | Identify the level of risk tolerance for the organization. |
| TASK 1-4 PRIORITIES AND TRADE-OFFS | Identify priorities and trade-offs considered by the organization in managing risk. |
| Step 2: Risk Assessment | |
| TASK 2-1 THREAT AND VULNERABILITY IDENTIFICATION | Identify threats to and vulnerabilities in organizational information systems and the environments in which the systems operate. |
| TASK 2-2 RISK DETERMINATION | Determine the risk to organizational operations and assets, individuals, other organizations, and the Nation if identified threats exploit identified vulnerabilities. |
| Step 3: Risk Response | |
| TASK 3-1 RISK RESPONSE IDENTIFICATION | Identify alternative courses of action to respond to risk determined during the risk assessment. |
| TASK 3-2 EVALUATION OF ALTERNATIVES | Evaluate alternative courses of action for responding to risk. |
| TASK 3-3 RISK RESPONSE DECISION | Decide on the appropriate course of action for responding to risk. |
| TASK 3-4 RISK RESPONSE IMPLEMENTATION | Implement the course of action selected to respond to risk. |
| Step 4: Risk Monitoring | |
| TASK 4-1 RISK MONITORING STRATEGY | Develop a risk monitoring strategy for the organization that includes the purpose, type, and frequency of monitoring activities. |
| TASK 4-2 RISK MONITORING | Monitor organizational information systems and environments of operation on an ongoing basis to verify compliance, determine effectiveness of risk response measures, and identify changes. |