Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Risk Assessment Modelling

from [Burke, Charles] Network Security [Permanent Link]
Subject: RE: Risk Assessment Modelling
Date: Tue, 10 Aug 2004 12:34:07 -0400 
Why not use the Microsoft Threat Modeling tool?
CRAMM - have not used it but it looks monolithic at first glance.  I
think its commercial so I am sure it has many neat features.  My take is
that its great for someone dedicated to that specific task.  I have not
actually used it so that's my grain of salt.

-----Original Message-----
From: Stan Guzik [mailto:SGuzik@ImmediaTech.com] 
Sent: Tuesday, August 10, 2004 9:06 AM
To: atlantis 1; security-management@securityfocus.com
Subject: RE: Risk Assessment Modelling


Hello,

Rich Seiersen of OWASP has created a risk assessment tool based on
ISO17799.  I haven't seen it yet and he may release it as open source.
If you would like I can get you in contact with him.

Thanks,
Stan Guzik

-----Original Message-----
From: atlantis 1 [mailto:atlantis1@fastmail.fm] 
Sent: Monday, August 09, 2004 8:28 AM
To: security-management@securityfocus.com
Subject: Risk Assessment Modelling



Hi,



I am currently working on a Risk Assessment Model as part of my
organisation's initiative to prepare for a BS7799 Certification.



I have gone through NIST 800-30 and OCTAVE and am accordingly developing
an excel based quasi quantitative model which takes into account
threats, impact, probabilities of occurence in analysing risk.



I would like to know whether there are any standard software that can
help me in doing a risk assessment exercise. I have heard about CRAMM,
but have not had an opportunity to use/evaluate it. Any inputs on any
good software applications in the field of Risk Assessment would be much
appreciated.



Thanks in advance for your help.



Regards.

Andrew
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Risk Assessment Modelling, Irony
Next by Date:  Re: third party access information, John Blackley
Previous by Thread:  RE: Risk Assessment Modelling, Irony
Next by Thread:  Re: Risk Assessment Modelling, atlantis 1
Indexes:  [Date] [Thread] [Top] [All Lists]