In this post, I want to outline the risk methodologies presented in the book. Each is paired with what its abbreviation stands for and a brief description of when it is used.
NIST - "Risk Management Guide for Information Technology Systems". Mostly used for computer systems and IT security issues.
FRAP - Facilitated Risk Analysis Process. Focuses only on the risks that need the most attention, with the goal of saving time and money. Intended to analyze one system, application, or process at a time.
OCTAVE - Operationally Critical Threat, Asset, and Vulnerability Evaluation. Used to look at all systems within an organization rather than one system in isolation.
FMEA - Failure Modes and Effect Analysis. Uncovers flaws (failure modes) and the effects each flaw would have if it occurred.
CRAMM - Central Computer and Telecommunications Agency Risk Analysis and Management Method. This is the most generic approach in that it covers everything in risk analysis.
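To make the FMEA entry less abstract, here is a small added example (my own code, not from the book or this post) showing how failure modes are usually scored and ranked. It uses the standard FMEA risk priority number, RPN = severity x occurrence x detection, each rated 1 to 10 (a higher detection score means the failure is harder to notice), and then keeps only the modes above a threshold, which is also the idea behind FRAP's "only the risks that need the most attention". The failure modes and their scores are constructed for illustration.

```python
"""FMEA-style failure mode ranking (added example, not from the book or the post)."""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class FailureMode:
    component: str
    mode: str        # how the component can fail
    effect: str      # what that failure does to the system
    severity: int    # 1..10, impact of the effect
    occurrence: int  # 1..10, how likely the failure is
    detection: int   # 1..10, higher = harder to detect before it causes harm

    def rpn(self) -> int:
        """Risk priority number, the standard FMEA ranking score."""
        for name, value in (("severity", self.severity),
                            ("occurrence", self.occurrence),
                            ("detection", self.detection)):
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be 1..10, got {value}")
        return self.severity * self.occurrence * self.detection


def rank_failure_modes(modes: Iterable[FailureMode], threshold: int = 100) -> List[FailureMode]:
    """Return the failure modes at or above the RPN threshold, highest RPN first."""
    ranked = sorted(modes, key=lambda m: m.rpn(), reverse=True)
    return [m for m in ranked if m.rpn() >= threshold]


# Constructed sample worksheet for a hypothetical web service; scores are invented.
SAMPLE_MODES = [
    FailureMode("backup job", "completes with a silent write error",
                "data loss discovered only at restore time", 9, 3, 8),
    FailureMode("TLS terminator", "certificate expires unnoticed",
                "service outage for all clients", 7, 4, 6),
    FailureMode("login service", "rate limit misconfigured",
                "credential stuffing succeeds more often", 6, 5, 3),
    FailureMode("log shipper", "queue overflow drops events",
                "monitoring blind spot during incidents", 5, 2, 7),
]


def attention_list(threshold: int = 100) -> List[str]:
    """Names of the sample failure modes that need attention, highest RPN first."""
    return [f"{m.component}: {m.mode} (RPN {m.rpn()})"
            for m in rank_failure_modes(SAMPLE_MODES, threshold)]


if __name__ == "__main__":
    for line in attention_list():
        print(line)
```

Note that the threshold is a policy choice, not part of FMEA itself; the value of the method is that severity, likelihood, and detectability are scored separately, so a rarely occurring but hard-to-detect failure (the backup case above) can outrank a more frequent one that is easy to catch.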