[dssa] Link to detailed NIST risk-assessment methods

["Mike O'Connor" <mike@xxxxxxxxxx>]

hi all,

we spent a fair amount of time on the call today getting a first look at a 
methodology from NIST (US gov't -- National Institute of Standards and 
Technology -- inside the Dept of Commerce, i think).

those of us on the call felt that this might be a "good enough" methodology to 
serve as a starting point for building out our analysis -- so i'm forwarding a 
link to a long detailed PDF that describes it.  i'm just starting to read it 
myself and hope that we can come back to the same topic on our next call.  

        csrc.nist.gov/publications/drafts/800-30-rev1/SP800-30-Rev1-ipd.pdf

thanks,

mikey


- - - - - - - - -
phone   651-647-6109  
fax             866-280-2356  
web     http://www.haven2.com
handle  OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)