APPENDIX E – METHODOLOGIES, GUIDELINES AND TOOLS

The Collins English Dictionary defines a methodology as a way of proceeding or doing something, especially a systematic or regular one.

The discipline of risk management has its fair share of methodologies, some of which are described here.

METHODOLOGIES

CORAS

CORAS is an open-source risk management tool, available from SourceForge, that does not cover the additional scope included in Sherwood Applied Business Security Architecture (SABSA; see below). It consists of eight distinct steps,¹ which follow the generic risk management principles:

  • Step 1 comprises the initial preparations for a risk analysis. The main objectives are to understand what the target is and how large the analysis will be.
  • Step 2 is ...

Get Information Risk Management, 2nd Edition now with the O’Reilly learning platform.