Common Risk-Assessment Methodologies and Templates
Many risk-assessment methodologies and templates can be used. Realize that every methodology and approach has it pros and cons. What is most important is learning how to conduct your own risk assessment using elements from each methodology or making the risk-assessment approach fit the organization’s environment. This section will present some of the more popular risk-assessment methodologies, such as
ISO 17799— An international standard for conducting a self-assessment and self-certification as per the best practices in information security. ISO17799 evolved from the original BS7799 standard developed out of the United Kingdom.
OSSTMM— The Open Source Security Testing Methodology Manual assists ...