NIST's Ron Ross, one of the world's top information risk thought leaders, says new guidance he co-wrote doesn't dictate how organizations must approach risk assessment, but gives enterprises options ...

The National Institute of Standards and Technology released an extensive update to the agency’s Guide for Conducting Risk Assessments that aims to be the risk assessment guidance source for federal ...

The risk assessment guidance is designed to go beyond its first mission of protecting government entities to meet the needs of a variety of organizations, large and small, including financial ...

Too many healthcare providers fail to conduct comprehensive, timely risk assessments, as required under HIPAA as well as the HITECH Act, says security consultant Kate Borten, president of The ...

The risk assessment methodology is a foundational pillar of effective information security and there are numerous risk methodologies available to allow organizations to identify, quantify, and ...

The Obama administration appears to be taking new steps to address concerns about potential vulnerabilities in the IT supply chain. The National Institute for Standards and Technology has released ...