The (excellent) Fundamental Information Risk Management (FIRM) methodology
is only licensed to members of the Information Security Forum (ISF)
<www.securityforum.org>. That's the only way to get it.
If you have it and are not a member organization, you are probably not
legally compliant and run the risks associated with copyright violation.
Unlike the free Standard of Good Practice, FIRM and other ISF tools and
publications are for Members only. That's one of the core benefits of
becoming a Member.
However, if you are an ISF member organization (or want to become one!),
FIRM implementation guidelines are available in the FIRM documentation
itself, through other Members via regional chapter meetings, or through
the on-line member forum, MX2. In addition, there are mature software
tools available to automate FIRM implementation, and some members may
provide FIRM consulting where appropriate.
As far as risk-management tools compliant with FIRM, the ISF has a whole
suite of "IRAM" and other tools developed to be compliant with one
another, including the FIRM framework and methodology.
-- Alan Willcox
The Vanguard Group
"The views expressed here are mine and do not reflect the official opinion
of my employer or the organization through which the Internet was
accessed."
"Ramiro Rodrigues" <ramiro.rodrigues@pobox.com>
11/10/2004 07:00 PM
Please respond to ramiro.rodrigues
To: <security-management@securityfocus.com>
cc:
Subject: FIRM -framework fo risk assessment methodology
implementation
Hi,
Does anybody have experience in implementing an I.T risk assessment
framework (tools and process) using FIRM methodology?
I need some basic guidelines in implementing it!
how to start?
Also, i need some indications of good IT risk managment tools (software)
that are "compliance"
with FIRM.
Please, let me know any information that could help me.
Thanks to everybody
Nikolas,
nikolas.rodrigues@terra.com.br
