Background and Reference Material

The National Institute of Standards and Technology (NIST) sets standards for the United States, and especially for the Federal government. The Federal Information Security Management Act of 2002 (“FISMA”) required risk-based management of security for Federal information systems. NIST produced a Guide for Conducting Risk Assessmentsin 2002 that was revised in 2012.

You will find the revised guide here: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf  

Although the PDF document is about 100 pages, there are only 38 pages in the guide proper. You will need to review at least a few of the appendices for this assignment in addition to reading the Guide.

You can find more background material with Google and especially Good Scholar. Please note that you can set a date range with Google Scholar, and so get only material published after the rule changes were announced. Try to find at least one publication that is a peer-reviewed scientific journal.

Questions to answer: