2 NIST publications recommend organization-wide IT security risk management
Two new draft publications from the National Institute of Standards and Technology provide the groundwork for a three-tiered risk-management approach that encompasses computer security risk planning from the highest levels ...