analysis for each proposed control to determine which controls are required and appropriate for their circumstances. The cost-benefit analysis can be qualitative or quantitative. Its purpose is to demonstrate that the costs of implementing the controls can be justified by the reduction in the level of risk.

Special Publication 800-30
National Institute of Standards and Technology
Technology Administration
U.S. Department of Commerce

Risk Management Guide for Information Technology Systems
Recommendations of the National Institute of Standards and Technology

Gary Stoneburner, Alice Goguen¹, and Alexis Feringa¹

COMPUTER SECURITY

Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930

¹Booz Allen Hamilton Inc.
3190 Fairview Park Drive
Falls Church, VA 22042

July 2002

U.S. DEPARTMENT OF COMMERCE
Donald L. Evans, Secretary

TECHNOLOGY ADMINISTRATION
Phillip J. Bond, Under Secretary for Technology

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
Arden L. Bement, Jr., Director

Reports on Computer Systems Technology

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology promotes the U.S. economy and public welfare by providing technical leadership for the nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof-of-concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems.

The Special Publication 800-series reports on ITL's research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

National Institute of Standards and Technology Special Publication 800-30
Natl. Inst. Stand. Technol. Spec. Publ. 800-30, 54 pages