News

A useful overview of risk management frameworks & tools

On 20 August, Andrey Prozorov (CISM, CIPP/E, CDPSE, LA 27001) published a handy overview of the most common standards and frameworks used in the field of risk management. The best-known risk management bodies in the Western world, such as ISO, COSO, ANSSI, FAIR, ISACA and NIST, are all represented. The full range on offer is much broader, certainly at the level of technical standards and implementation models, but this gives a good overview of the tools available for setting up, running and improving your risk management function. Some of the standards and models must be paid for; quite a few others, including the ENISA toolbox, are freely available. The document also contains the links to the relevant download sites. Make good use of it!

No. | Standard / framework | Publisher | Scope, country | Price
1 | ISO 31000:2018, Risk management — Guidelines | ISO | International, Switzerland | CHF124 ($140)
2 | COSO Enterprise Risk Management: Integrating with Strategy and Performance | COSO | International, USA | £158
3 | RIMS Risk Maturity Model (RMM) | RIMS | International, USA | $199
4 | S&P Enterprise Risk Management Evaluations | S&P | International, USA | Free

Information Security, Privacy, and IT

5 | ISO/IEC 27005:2022, Information security, cybersecurity and privacy protection — Guidance on managing information security risks | ISO | International, Switzerland | CHF187 ($210)
6 | ISO/IEC 27557:2022, Information security, cybersecurity and privacy protection — Application of ISO 31000:2018 for organizational privacy risk management | ISO | International, Switzerland | CHF124 ($140)
7 | Information Risk Assessment Methodology 2 (IRAM2) | ISF | International, UK | For members
8 | EBIOS Risk Manager (EBIOS RM) | ANSSI | France | Free
9 | OCTAVE FORTE (Operationally Critical Threat, Asset, and Vulnerability Evaluation FOR The Enterprise) | CMU | USA | Free
10 | Factor Analysis of Information Risk (FAIR) | FAIR Institute | USA | $35
11 | Risk IT Framework (+ Risk IT Practitioner Guide, Risk Starter Kit Tool, Risk Scenarios Starter Pack) | ISACA | International, USA | $75
12 | COBIT Focus Area: Information and Technology Risk Using COBIT 2019 | ISACA | International, USA | $90
13 | EU Risk Management Toolbox | ENISA | Europe | Free
14 | NIST Risk Management Framework (RMF) | NIST | USA | Free
15 | NIST SP 800-30 Rev. 1, Guide for Conducting Risk Assessments | NIST | USA | Free
16 | NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View | NIST | USA | Free
17 | Cyber security risk management framework | NCSC | UK | Free
18 | Controls of Risk and Business Continuity Management for Digital Government | DGA | Saudi Arabia | Free
19 | Risk Analysis based on IT-Grundschutz (BSI-Standard 200-3) | BSI | Germany | Free
20 | IEC 62443-3-2:2020, Security for industrial automation and control systems - Part 3-2: Security risk assessment for system design | IEC | International, Switzerland | CHF220 ($250)
21 | Threat Assessment & Remediation Analysis (TARA) | MITRE | USA | Free
22 | Microsoft's Cloud Risk Decision Framework | Microsoft | USA | Free

Links:

  1. ISO 31000: https://www.iso.org/standard/65694.html
  2. COSO: https://www.coso.org/guidance-erm
  3. RIMS: https://www.rims.org/Tools/risk-maturity-model
  4. S&P: https://www.spglobal.com/ratings/en/products-benefits/products/enterprise-risk-management-evaluations
  5. ISO 27005: https://www.iso.org/standard/80585.html
  6. ISO 27557: https://www.iso.org/standard/71675.html
  7. IRAM2: https://www.securityforum.org/solutions-and-insights/information-risk-assessment-methodology-iram2
  8. EBIOS: https://www.ssi.gouv.fr/guide/ebios-risk-manager-the-method
  9. OCTAVE FORTE: https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=644636
  10. FAIR: https://www.fairinstitute.org/what-is-fair
  11. Risk IT Framework: https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004Ko9VEAS
  12. COBIT Focus Area: https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KmAREA0
  13. EU Toolbox: https://www.enisa.europa.eu/publications/interoperable-eu-risk-management-toolbox
  14. NIST RMF: https://csrc.nist.gov/projects/risk-management/about-rmf
  15. NIST SP 800-30: https://csrc.nist.gov/pubs/sp/800/30/r1/final
  16. NIST SP 800-39: https://csrc.nist.gov/pubs/sp/800/39/final
  17. NCSC Framework: https://www.ncsc.gov.uk/collection/risk-management/cyber-security-risk-management-framework
  18. DGA RM: https://dga.gov.sa/en/Controls_Of_Risk_and_Business_Continuity_Management_For_Digital_Government
  19. BSI-Standard 200-3: https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/BSI-Standards/BSI-Standard-200-3-Risikomanagement/bsi-standard-200-3-risikomanagement_node.html
  20. IEC 62443-3-2: https://webstore.iec.ch/publication/30727
  21. TARA: https://www.mitre.org/news-insights/publication/threat-assessment-and-remediation-analysis-tara
  22. Microsoft CRDF: https://download.microsoft.com/documents/australia/enterprise/smic1545_pdf_v7_pdf.pdf
