
450 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
Table13.4 Security Risk Assessment Methods (Continued)
Security Risk
Assessment
Approach Type Approach Phases Resources Required Application
FRAP Open quantitative
method
• Pre-FRAP meeting
• FRAP session
• Post-FRAP process
Facilitator and internal
manager
Gap and initial assessment
where time is of the essence
CRAMM Commercial
qualitative tool
• Asset identification
• Threat and
vulnerabilityassessment
• Countermeasure
recommendation
Qualified and
experienced practitioners
Demonstrating BS 7799
compliance
NSA IAM Open qualitative
method
• Pre-assessment
• On-site visit
• Post-assessment ...