Thursday, February 14, 2008

Additional useful info while Assessing Risk





Asset Classes

For additional information on defining and categorizing information and information systems, refer to National Institute of Standards and Technology (NIST) Special Publication 800-60 workshops, "Mapping Types of Information and Information Systems to Security Categories," and the Federal Information Processing Standards (FIPS) publication 199, "Security Categorization of Federal Information and Information Systems."

For "Common Information System Assets":
http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/srappb.mspx

For "Common Threats":
http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/srappc.mspx

For examples of "Vulnerabilities":
http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/srappd.mspx

1 comment:

DanPhilpott said...

The URLs are clipped. This looks like useful information but I can't get at it.

And thank you for taking the time to post this.
