City TLD Guide

Helpful risk management resources for organizations that need to minimize their risks.

• The Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the not-for-profit International Information Systems Security Certification Consortium, commonly known as (ISC2). The CISSP recommend specific risk assessment and management procedures and strategies.

• The National Institute of Standards and Technology (NIST) The NIST computer security division has a Special Publication Series, SP800 with magnificent recommendation and suggested practices to ensure stable, secure systems.  The following two are particularly helpful resources for performing a risk assessment:
  • NIST SP 800-39
    (Draft) “Managing Risk from Information Systems: An Organizational Perspective”
  • NIST SP 800-30
    “Risk Management Guide for Information Technology Systems”
• OCTAVE®
  This stands for CERT’s Operationally Critical Threat, Asset, and Vulnerability Evaluation^SM, which comes in the form of the OCTAVE Allegro method, a streamlined process used for information asset risk evaluation