Answer:
NIST SP 800 30
Step-by-step explanation:
Cyber security can be defined as a preventive practice of protecting computers, software programs, electronic devices, networks, servers and data from potential theft, attack, damage, or unauthorized access by using a body of technology, frameworks, processes and network engineers.
Risk management can be defined as the process of identifying, evaluating, analyzing and controlling potential threats or risks present in a business as an obstacle to its capital, revenues and profits.
This ultimately implies that, risk management involves prioritizing course of action or potential threats in order to mitigate the risk that are likely to arise from such business decisions.
NIST is acronym for National Institute of Standards and Technology and it's under the U.S. Department of Commerce. The NIST cybersecurity framework (CSF) is a powerful tool that provide guidelines for both the external and internal stakeholders of organization on how they can effectively and efficiently organize, manage, and improve their cybersecurity programs, so as to mitigate the risks associated with cybersecurity.
The NIST SP 800 30 is a risk mitigation framework that provide guidance for conducting or allows scope for research, assessment and acknowledgement for risk mitigation of federal information systems and organizations.
Typically, NIST SP 800 30 is used for translating cyber risk so that it can easily be understood by the chief executive officer (CEO) and board of both a public and private organization.