Skip to content
    Home / Function (NIST CSF 2.0) / ID - Identify / RA - Risks Asst

    RA – Risks Asst

    NIST CSF Category ID.RA
    Risk assessment is a cornerstone of cybersecurity, and normative documents are essential in providing structured methodologies and legal expectations for evaluating threats, vulnerabilities, and potential impacts. Standards such as ISO/IEC 27005 for information security risk management and NIST SP 800-30 for risk assessment guidance outline best practices for identifying, analyzing, and prioritizing risks to information systems. Regulatory frameworks like the EU NIS2 Directive or the Gramm-Leach-Bliley Act (GLBA) in the U.S. require organizations to perform documented risk assessments as part of compliance obligations. By adhering to these standards and regulations, organizations can make informed decisions on risk mitigation, ensure accountability, and build trust with stakeholders while aligning with national and international cybersecurity expectations.

    MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9

    The MITRE Common Attack Pattern Enumeration and Classification (CAPEC) is a publicly available, comprehensive catalog that documents and categorizes common attack patterns used by adversaries to exploit software and systems.… Read More »MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9

    NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View

    NIST SP 800-39 serves as the overarching flagship for information security risk management, providing the high-level governance necessary to align cybersecurity efforts with an organization’s core mission and business objectives.… Read More »NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View