Facing the emerging challenges of the Internet era, managers and information security professionals in business and government should manage specific risks to their organizations to ensure efficient operations. This paper explains basic components of risk analysis and management processes and mentions different methodologies and approaches. It then describes and discusses CRAMM, as an automated tool based on qualitative risk assessment methodology, by going through the stages of a CRAMM review, i.e. asset identification and valuation, threat and vulnerability assessment, and countermeasure recommendation. Raising organizational awareness CRAMM is a comprehensive and flexible tool especially for justifying prioritized countermeasures at a managerial level, needing, however, qualified and experienced practitioners for efficient results.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
