Title :
The state of the art of risk assessment and management for information systems
Author :
Lulu Liang ; Wang Ren ; Jing Song ; Huaming Hu ; Qiang He ; Shuo Fang
Author_Institution :
China Inf. Technol. Security Evaluation Center, Beijing, China
Abstract :
Risk assessment and management for information systems are very important for assuring system security. They require not only careful but also systematic analysis of threat and vulnerability information. Depending on the analysis result, we can determine the extent to which events could adversely impact the organization and the likelihood that such events will occur. Under FISMA (Federal Information Security Management Act) of 2002, the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) develops a series of publications to protect information systems. In this paper, we give an outline of the state of the art of risk assessment and management in the ITL at NIST. Some fundamental concepts and models are introduced to interpret the process of risk assessment. In addition, the relationship among the security-related publications corresponding to risk management is analyzed and summarized.
Keywords :
information systems; risk management; security of data; FISMA; Federal Information Security Management Act; ITL; Information Technology Laboratory; NIST; National Institute of Standards and Technology; information system protection; information systems; risk assessment; risk management; security related publications; system security assurance; threat information analysis; vulnerability information analysis; Monitoring; Systematics; Wires; FISMA; NIST; information system; risk assessment; risk management;
Conference_Title :
Information Assurance and Security (IAS), 2013 9th International Conference on
Conference_Location :
Gammarth
Print_ISBN :
978-1-4799-2989-4
DOI :
10.1109/ISIAS.2013.6947735