Thursday, February 14, 2008

More info on Security Risk Management

"Microsoft’s approach to risk management and assessment isn’t the only one available to organizations. Some other popular approaches include:

* Risk Management Guide for Information Technology Systems and Security Self-Assessment Guide for Information Technology Systems, both developed by the National Institute for Standards and Technology (NIST)

http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf
* Information technology — Code of practice for information security management (ISO 17799), available from the International Standards Organization (ISO).

http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=33441&ICS1=35&ICS2=40&ICS3=

* Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) from Computer Emergency Response Team (CERT) at the Software Engineering Institute at Carnegie-Mellon University.

http://www.cert.org/octave

These resources are also useful in helping you plan and implement an effective risk management solution for your company. But in my opinion, Microsoft’s approach is simple and easy to implement, and is a good starting point, especially for IT shops that are strong on Microsoft platforms. For although the Guide is described by Microsoft as being cross-platform and vendor-neutral in its approach, its prescriptive control solutions target Microsoft products in particular. That doesn’t surprise me however, and in no way reduces the usefulness of this excellent Guide."
