NIST’s Guide for Conducting Risk Assessments


NIST just released the initial pubilc draft of their Special Publication 800-30 (Rev. 1), "Guide for Conducting Risk Assessments." The content of this document looks eerily familliar – it's very similar to the methodology that I created when I worked for a Big 4 (it was Big 5 back then) consulting firm in the dot-com era.

But then it's very likely that everyone's risk assessment methodology looked pretty much the same back then. That's what happens when you try to to find "best practices" and write them down. And even though the dot-com era is over a decade in the past, it's good to see NIST coming up with what's turned out to be fairly effective and useful in the commercial world.

Leave a Reply

Your email address will not be published. Required fields are marked *