- Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
- CCTA Risk Analysis and Management Method (CRAMM)
- Information Security Forum's Fundamental Information Risk Management (FIRM)
- Commonly Accepted Security Practices and Regulations (CASPR)
- Control Objectives for Information and (Related) Technology (COBIT)
- A portion of ISO 17799
- The vulnerability of various elements in your resource
- Any special circumstances affecting your resource, such as the maturity or complexity of technology
- The level of threat
- The potential business impact of a breach or denial-of-service
Citicus has created a risk management tool, Citicus ONE, which is based mainly on the FIRM assessment methodology.
FIRM is more popular outside of the U.S., while COBIT and OCTAVE are more widely accepted in industry as approaches to IT governance and risk assessment.
I had difficulties accessing FIRM documentation, which leads me to believe you will need to contact the Information Security Forum directly and most likely pay to become a member in order to access their documentation. You can contact them by telephone at +44 (0)20 7212 5346, or by e-mail at firstname.lastname@example.org or email@example.com.
Related Q&A from Shon Harris, Contributor