NIST Special Publication 800-30 Risk Management Guide for Information Technology Systems

This is a Hard copy of the NIST Special Publication 800-30 Risk Management Guide forInformation Technology Systems. The objective of performing risk management is to enable the organization to accomplish itsmission(s) (1) by better securing the IT systems that store, process, or transmit organizationalinformation; (2) by enabling management to make well-informed risk management decisions tojustify the expenditures that are part of an IT budget; and (3) by assisting management inauthorizing (or accrediting) the IT systems3 on the basis of the supporting documentationresulting from the performance of risk management.TARGET AUDIENCEThis guide provides a common foundation for experienced and inexperienced, technical, andnon-technical personnel who support or use the risk management process for their IT systems.These personnel includeSenior management, the mission owners, who make decisions about the IT securitybudget.Federal Chief Information Officers, who ensure the implementation of riskmanagement for agency IT systems and the security provided for these IT systemsThe Designated Approving Authority (DAA), who is responsible for the finaldecision on whether to allow operation of an IT systemThe IT security program manager, who implements the security programInformation system security officers (ISSO), who are responsible for IT securityIT system owners of system software and/or hardware used to support IT functions.Information owners of data stored, processed, and transmitted by the IT systemsBusiness or functional managers, who are responsible for the IT procurement processTechnical support personnel (e.g., network, system, application, and databaseadministrators; computer specialists; data security analysts), who manage andadminister security for the IT systemsIT system and application programmers, who develop and maintain code that couldaffect system and data integrity2Disclaimer This hardcopy is not published by National Institute of Standards and Technology (NIST), the US Government or US Department of Commerce. The publication of this document should not in any way imply any relationship or affiliation to the above named organizations and Government.