If you are a Privacy Officer, or in Information Systems Management, you will
want to read this draft. If you are an Information Systems Security Officer,
you SHOULD read this draft.
Regards,
Barbara McGowin

-----Original Message-----
From: compsecpubs@... [mailto:compsecpubs@...] On Behalf Of
Patrick O'Reilly
Sent: Friday, April 04, 2008 9:33 AM
To: Multiple recipients of list
Subject: NIST Releases 2nd Draft of Special Publication 800-39


NIST announces the release of the second public draft of Special
Publication 800-39, Managing Risk from Information Systems: An
Organizational Perspective. This publication provides guidelines for
managing risk to organizational operations, organizational assets,
individuals, other organizations, and the Nation resulting from the
operation and use of information systems. Special Publication 800-39
is the flagship document in the series of FISMA-related publications
developed by NIST and provides a structured, yet flexible approach
for managing that portion of risk resulting from the incorporation of
information systems into the mission and business processes of
organizations. Comments will be accepted through April 30, 2008.
Comments should be forwarded to the Computer Security Division,
Information Technology Laboratory at NIST or submitted via email to:
sec-cert@...

URL to draft document:
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-39