- OCTAVE is a self-directed, interdisciplinary team, focusing on operational risk and security practices, performing risk analysis.
- FRAP is a qualitative risk analysis approach that uses pre-screening to identify critical risk areas.
- NIST is a qualitative risk assessment methodology established with healthcare in mind.
- “Failure modes and effect analysis” assess risk by examining the effects of failures on three levels.
- CRAMM is an IT risk analysis method used in the British Government.
Category: Security & Privacy
Methodological Frameworks
- ISO 27000 is a series of of standards to manage information security
- ITIL is comprised of a series of books aiming to improve IT service management and IT processes
- COSO is a framework for financial reporting and disclosure
- COBIT is a four domain model for IT governance and has 214 control objectives
Baselines, Procedures, Guidelines & Policies
- Baselines define a minimum technical standard that should be maintained across the organization
- Procedures are step-by-step instruction on how to comply with security requirements.
- Guidelines give discretionary guidance on how to comply with security requirements best.
- Policies define security requirements broadly.