S3SS10N Wednesday – NIST SP 800-30 Part 1

Join Cybrary

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here
< Back to S3SS10NS

S3SS10N Wednesday – NIST SP 800-30 Part 1

Published: September 14, 2016 | By: Dean Pompilio | Views: 7145
save
This post has been saved to your profile

This Weeks S3SS10N Wednesday


This session covers the National Institute of Standards and Technology’s (NIST) guide for conducting risk assessments. This document gives an in-depth explanation about the best-practices according to the industry in conducting risk assessment. This lesson specifically covers NIST SP 800-30 and this particular document is fairly recent, with its most recent revision being in September of 2012. Risk assessment is important to understand for several reasons; the most significant being that a risk assessment is something that is repeatable. A risk assessment performance is usually the result of two triggers:

  1. Time: The annual risk assessment
  2. Event-based: the result of a major incident

This session goes through the steps, offering a brief introduction, discussing the fundamentals and finally going through the actual process. The goal of a risk performance assessment is to have it done cost effectively efficiently and in a timely manner. Once completed, the information is shared with stakeholders as well as the CIO and/or CEO of a company. Finally, the risk assessment must be maintained to show there is a good record of assessment activity.

  1. This session also discusses:
  2. Threat source identification
  3. Taxonomy of threat sources
  4. Adversary Capability
  5. Adversary Intent
  6. Non-adversarial threat sources

Whiteboard Notes

Click Image to View a Larger Version
< Back to S3SS10NS

About This S3SS10N Wednesday's Contributor

Dean Pompilio
Dean Pompilio has been in the IT field since 1989 and has both US and international experience working in the banking and credit card industries. After spending most of this life in Chicago, he came to the Washington, DC area in 2005 and has worked with the Department of Justice as well as the State Department in senior analyst roles as well as The World Bank.
Enjoy this S3SS10N Wednesday? Want more Cybytes?
Invite a Friend
and share now
Facebook Twitter LinkedIn Email
Join Cybrary
9 Comments
  1. For the pass 2 weeks, my chrome have been showing me vimeo cant play

  2. >because of its privacy settings this video cannot be played here.

    been getting this everywhere since yesterday
    how come?

  3. Very Insightful lecture on NIST.. Thanks

  4. Thanks for this Dean, another great Session Wednesday tutorial.

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel