has a pointer to a draft NIST paper entitled "Risk Management Guide for Information Technology Systems". This is good to have, as it presents a method for formalizing the risk management process. A recent update ties in FIPS 199, which became "set in stone" approximately two weeks ago.
On an associated note, Kevin at The Lost Olive has one for "A Baseline for Achieving Security", which supposedly helps build usable security processes.