BrightTalk – The Ultimate Goal: To Manage Information Security Governance and Risk Management
3.11 3.11.1 Risk Assessment
https://www.brighttalk.com/webcast/188/131269?utm_campaign=webcasts-search-results-feed&utm_content=grc%20tool&utm_source=brighttalk-portal&utm_medium=web
This webinar discusses how to manage security for information assets, including how to assess and mitigate the risk to organizational information assets.
Center for Internet Security Risk Assessment Method
3.11 3.11.1 Risk Assessment
https://learn.cisecurity.org/cis-ram
This link provides information about CIS RAM, an information security risk assessment method.
Commonwealth of Virginia – Risk Assessment Instructions
3.11 3.11.1 Risk Assessment
https://www.vita2.virginia.gov/uploadedFiles/Library/PSGs/Word_versions/Risk_Assessment_Instructions.doc
This example document from the state of Virginia is used to assist each agency in assessing the risks to its sensitive systems and data, and protecting the resources that support the mission.
Commonwealth of Massachusetts – Information Security Risk Management Standard
3.11 3.11.1 Risk Assessment
https://www.mass.gov/advisory/information-security-risk-management-standard
This standard defines the key elements of the Commonwealth’s information security risk assessment model to enable consistent identification, evaluation, response and monitoring of risks facing IT processes.
Cybersecurity & Infrastructure Security Agency – Cyber Resilience Review (CRR)
3.11 3.11.1 Risk Assessment
https://www.cisa.gov/resources-tools/resources/cyber-resilience-review-downloadable-resources
The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.
Federal Financial Institutions Examination Council – Cybersecurity Assessment Tool
3.11 3.11.1 Risk Assessment
https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_June_2015_PDF2.pdf
The Cybersecurity Assessment Tool consists of two parts: Inherent Risk Profile and Cybersecurity Maturity.
ISACA Journal – Performing a Security Risk Assessment
3.11 3.11.1 Risk Assessment
https://www.isaca.org/resources/isaca-journal/past-issues/2010/performing-a-security-risk-assessment
This ISACA Journal article discusses an enterprise security risk assessment methodology.
NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
3.11 3.11.1 Risk Assessment
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
This NIST Special Publication is a guide to the basic technical aspects of conducting information security assessments (testing and examination of systems and networks).
NIST SP 800-30 Guide for Conducting Risk Assessments
3.11 3.11.1 Risk Assessment
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
This NIST Special Publication provides guidance for conducting risk assessments.
SANS – Risk Assessment Policy
3.11 3.11.1 Risk Assessment
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt16603a027193d8b9/5e9e0685f92340115007214d/risk_assessment_policy.pdf
This SANS-provided policy template covers performing periodic information security risk assessments.