Network Security: Detailed info on Re: Information Risk Management

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Management

[Top] [All Lists]

Re: Information Risk Management

from [alan_willcox] Network Security

[Permanent Link]

Subject:	Re: Information Risk Management
Date:	Fri, 17 Jun 2005 10:38:17 -0400

John, thanks for your clarification -- I read the original post too 
quickly.
The ISF does have substantial research reports and a tool call Fundamental 
Information Risk Managment (FIRM), as well as a current project on 
methodologies and tools, but it's available only to ISF Members 
(plug,plug).
As far as the Standard of Good Practice goes, IRM is addressed somewhat in 
the sections I cited before, but you are correcting in that they primarily 
address information risk analysis/assessment.
Section SM72 addresses high-level security monitoring, which may be 
helpful. Otherwise, information risk management specifications are spread 
across various areas. For example, Section SM66 deals with electronic 
commerice, but has some details on how risks from e-commerce initiatives 
are to be managed.
-- Alan
"The views expressed here are mine and do not reflect the official opinion 
of my employer or the organization through which the Internet was 
accessed."

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Information Risk Management, John Blackley RE: Information Risk Management, Andrew Rogers Re: Information Risk Management, Karan Saberwal RE: Information Risk Management, Mike Rodriques Re: Information Risk Management, alan_willcox RE: Information Risk Management, Nitin Nair Re: Re: Information Risk Management, jblackley Re: Information Risk Management, alan_willcox <=

Previous by Date:	RE: Banking Security Policy & Risk Assesment Papers, Fiamingo, Frank
Next by Date:	Incident management policy, Simone
Previous by Thread:	Re: Re: Information Risk Management, jblackley
Next by Thread:	Re: Risk Assessment Standards, Chris Raymond
Indexes:	[Date] [Thread] [Top] [All Lists]