BrightTALK – The Ultimate Goal: To Manage Information Security Governance and Risk Management
3.11 3.11.1 Risk Assessment
https://www.brighttalk.com/webcast/188/131269?utm_campaign=webcasts-search-results-feed&utm_content=grc%20tool&utm_source=brighttalk-portal&utm_medium=web
This webinar discusses the means for managing security for information assets and the means for assessing and mitigating the risk to organizational information assets.
Center for Internet Security – Risk Assessment Method
3.11 3.11.1 Risk Assessment
https://learn.cisecurity.org/cis-ram
This link provides information about CIS RAM, an information security risk assessment method.
Cybersecurity and Infrastructure Security Agency – Cyber Resilience Review (CRR)
3.11 3.11.1 Risk Assessment
https://www.cisa.gov/resources-tools/resources/cyber-resilience-review-downloadable-resources
The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.
ISACA – Performing an Information Security and Privacy Risk Assessment
3.11 3.11.1 Risk Assessment
https://www.isaca.org/resources/news-and-trends/industry-news/2022/performing-an-information-security-and-privacy-risk-assessment
This article from ISACA discusses information security and privacy risk assessment methodology.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
This NIST Special Publication is a guide to the basic technical aspects of conducting information security assessments.
NIST SP 800-30 Guide for Conducting Risk Assessments
3.11 3.11.1 Risk Assessment
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
This NIST Special Publication provides guidance for conducting risk assessments.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt16603a027193d8b9/5e9e0685f92340115007214d/risk_assessment_policy.pdf
This SANS-provided policy discusses performing periodic information security risk assessments.
https://www.sans.org/white-papers/34180/
This SANS whitepaper looks at how a vulnerability management process could be designed and implemented within an organization.