Choosing the correct tool

Choosing the correct tool or tools for an organisation requires knowledge of the organisation and the ability to see what must be within the scope of the risk assessment.

There does not appear to be one tool that is an universal business driven risk assessment tool on the market. This may mean that more than one tool is required.

One of the problems of using more than one risk tool is the need to convert their output (typically control requirements) into a common language or align them with a single standard.

An Introduction To Information, Network and Internet Security
Choosing the correct tool Choosing the correct tool or tools for an organisation requires knowledge of the organisation and the ability to see what must be within the scope of the risk assessment. There does not appear to be one tool that is an universal business driven risk assessment tool on the market. This may mean that more than one tool is required. One of the problems of using more than one risk tool is the need to convert their output (typically control requirements) into a common language or align them with a single standard.	The Security Practitioner An Introduction to Information Security
Return To An Introduction to Information Security