Term:Risk Management
Contents
- 1 CNSSI 4009
- 2 DoD 8580.02-R
- 3 DoDI 8100.03
- 4 DoDI 8551.01
- 5 DSS Glossary
- 6 GAO-09-232G
- 7 NIST FIPS 200
- 8 NIST IR 7298
- 9 NIST IR 7298
- 10 NIST IR 7298
- 11 NIST IR 7328 Draft
- 12 NIST SP 800-123
- 13 NIST SP 800-16
- 14 NIST SP 800-18r1
- 15 NIST SP 800-26
- 16 NIST SP 800-27rA
- 17 NIST SP 800-30
- 18 NIST SP 800-33
- 19 NIST SP 800-34
- 20 NIST SP 800-37r1 Draft
- 21 NIST SP 800-37
- 22 NIST SP 800-39 Draft 2
- 23 NIST SP 800-53A
- 24 NIST SP 800-53r1
- 25 NIST SP 800-53r2
- 26 NIST SP 800-53r3
- 27 NIST SP 800-82 Final Draft
- 28 NSTISSI 1000
CNSSI 4009
Risk Management - Process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. [NIST Special Pub 800-53]
DoD 8580.02-R
Risk Management - For the purpose of this Regulation, risk management is the process of identifying and applying countermeasures commensurate with the value of the assets protected based on a risk assessment. DL1.47.
DoDI 8100.03
Risk Management - Process concerned with the identification, measurement, control, and minimization of security risks in IT systems to a level commensurate with the value of the assets protected. E2.1.33.
DoDI 8551.01
Risk Management - A process concerned with the identification, measurement, control, and minimization of security risks in IT systems to a level commensurate with the value of the assets protected (reference (f)). E2.1.17.
DSS Glossary
Risk Management - Security philosophy postulating that adversaries are all-knowing and highly competent, against which risks are avoided by maximizing defenses and minimizing vulnerabilities.
GAO-09-232G
Risk Management - A management approach designed to reduce risks inherent in systems development and operations.
NIST FIPS 200
Risk Management - The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system.
NIST IR 7298
Risk Management - The process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. SOURCE: SP 800-53
NIST IR 7298
Risk Management - The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes:
- 1) the conduct of a risk assessment;
- 2) the implementation of a risk mitigation strategy; and
- 3) employment of techniques and procedures for the continuous monitoring of the security state of the information system. SOURCE: FIPS 200
NIST IR 7298
Risk Management - The process of:
- 1) estimating potential losses due to the use of or dependence upon automated information system technology,
- 2) analyzing potential threats and system vulnerabilities that contribute to loss estimates, and
- 3) selecting cost effective safeguards that reduce risk to an acceptable level. SOURCE: FIPS 191
NIST IR 7328 Draft
Risk Management - The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS 200]
NIST SP 800-123
Risk Management - The process of selecting and implementing controls to reduce risk to a level acceptable to the organization.
NIST SP 800-16
Risk Management - the on-going process of assessing the risk to IT resources and information, as part of a risk-based approach used to determine adequate security for a system, by analyzing the threats and vulnerabilities and selecting appropriate cost-effective controls to achieve and maintain an acceptable level of risk.
NIST SP 800-18r1
Risk Management - The process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. [NIST SP 800-30]
NIST SP 800-26
Risk Management - Risk Management is the ongoing process of assessing the risk to automated information resources and information, as part of a risk-based approach used to determine adequate security for a system by analyzing the threats and vulnerabilities and selecting appropriate cost-effective controls to achieve and maintain an acceptable level of risk.
NIST SP 800-27rA
Risk Management - The ongoing process of assessing the risk to mission/business as part of a risk-based approach used to determine adequate security for a system by analyzing the threats and vulnerabilities and selecting appropriate, cost effective controls to achieve and maintain an acceptable level of risk.
NIST SP 800-30
Risk Management - The total process of identifying, controlling, and mitigating information system-related risks. It includes risk assessment; cost-benefit analysis; and the selection, implementation, test, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission and constraints due to policy, regulations, and laws.
NIST SP 800-33
Risk Management - The total process of identifying, controlling, and mitigating information technology related risks. It includes risk analysis; cost-benefit analysis; and the selection, implementation, test, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission/business and constraints due to policy, regulations, and laws.
NIST SP 800-34
Risk Management - The ongoing process of assessing the risk to mission/business as part of a risk-based approach used to determine adequate security for a system by analyzing the threats and vulnerabilities and selecting appropriate, cost-effective controls to achieve and maintain an acceptable level of risk.
NIST SP 800-37r1 Draft
Risk Management - A management process employed by an organization to achieve and maintain an acceptable level of risk. The Risk Management Framework describes the recommended process for managing information system-related security risks. [NIST SP 800-39]
NIST SP 800-37
Risk Management - The process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. [NIST SP 800-30]
NIST SP 800-39 Draft 2
Risk Management - The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation or use of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS 200 Adapted]
NIST SP 800-53A
Risk Management - The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS 200]
NIST SP 800-53r1
Risk Management - The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system.
NIST SP 800-53r2
Risk Management - The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS 200]
NIST SP 800-53r3
Risk Management - The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS 200, Adapted]
NIST SP 800-82 Final Draft
Risk Management - The process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. [NIST SP 800-30, Risk Management Guide for Information Technology Systems, July 2002.]
NSTISSI 1000
Risk Management - Process concerned with the identification, measurement, control, and minimization of security risks in information systems to a level commensurate with the value of the assets protected.