Risk Assessment Methodologies

  • OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a self-directed risk analysis approach: an interdisciplinary team drawn from the organisation itself performs the assessment, focusing on operational risk and security practices rather than on technology alone.
  • FRAP (Facilitated Risk Analysis Process) is a qualitative risk analysis approach that uses pre-screening to identify the critical risk areas that justify a full analysis.
  • NIST SP 800-30 is a qualitative risk assessment methodology developed for U.S. federal information systems; it is not specific to any single industry.
  • Failure Modes and Effect Analysis (FMEA) assesses risk by examining each potential failure mode and tracing its effects on three levels: the local component, the next higher level, and the end (system-wide) effect.
  • CRAMM (CCTA Risk Analysis and Management Method) is an IT risk analysis method developed by the British government's Central Computer and Telecommunications Agency.

Methodological Frameworks

  • ISO/IEC 27000 is a series of standards for managing information security (ISO/IEC 27001 specifies the requirements for an information security management system; ISO/IEC 27002 gives the control guidance).
  • ITIL is a set of books (volumes) aimed at improving IT service management and IT processes.
  • COSO is a framework for internal control over financial reporting and disclosure.
  • COBIT (version 4) is a four-domain model for IT governance (Plan and Organise, Acquire and Implement, Deliver and Support, Monitor and Evaluate) with 214 control objectives.