Introduction to NIST SP 800-39

As an auditor, I’m often asked, “Why is it so important to manage information security risk?” The answer is that the information systems within your organization are subject to serious threats. Those threats can have extremely adverse effects on your organizational operations and your assets. Vulnerabilities that get exploited can compromise the confidentiality, integrity, and availability of the very systems and operations that drive your business forward. Luckily, we have an external resource for guidance on managing information security risk: NIST SP 800-39. This document gives us good guidelines for managing organizational, mission, and information security risk, and it provides a structured and flexible approach to managing that risk. It’s part of the NIST risk management series.
