Guide for Conducting Risk Assessments
Organizations in the public and private sectors depend on information systems to successfully carry out their missions and business functions. Information systems can include very diverse entities, ranging from office networks and financial and personnel systems to very specialized systems (e.g., weapons systems, telecommunications systems, industrial/process control systems, and environmental control systems). Information systems are subject to serious threats that can have adverse effects on organizational operations (i.e., missions, functions, image, or reputation), organizational assets, individuals, other organizations, and the nation by exploiting both known and unknown vulnerabilities to compromise the confidentiality, integrity, or availability of the information being processed, stored, or transmitted by those systems.
Threats to information and information systems can include purposeful attacks, environmental disruptions, and human/machine errors, and can result in great harm to the national and economic security interests of the United States. Therefore, it is imperative that leaders and managers at all levels understand their responsibilities and are held accountable for managing information security risk, that is, the risk associated with the operation and use of information systems that support the missions and business functions of their organizations.
Included in this ZIP file are:
- Intro Page.doc
- Terms and Conditions.pdf
- Guide for Conducting Risk Assessments.pdf