An Introduction To
Risk management tools

There are a number of tools on the market for performing information security risk management. These range from 'pen and paper' systems, through spreadsheets, to complex integrated risk tools. Some of these include:

· COBRA
· CRAMM
· FIRM
· FRAP
· SARA
· SPRINT
· RA2

Most of these do not really consider the business context of the organisation and concentrate on infrastructure or application risks. When choosing a risk tool for information security risk assessment, what must be considered is the 'business driven aspect' that is required. To achieve this it may be necessary to use more than one tool. An example of this is shown in the following pages: Overview
The Security Practitioner An Introduction to Information Security