Managing Risk from Information Systems: An Organizational Perspective
March 31, 2010
National Institute of Standards and Technology
Ron Ross , Stu Katzke, Arnold Johnson, Marianne Swanson , Gary Stoneburner
The purpose of NIST Special Publication 800-39 is to provide guidelines for managing risk to organizational operations and assets, individuals, other organizations, and the nation resulting from the operation and use of information systems.