Well, there is a standard called BS7799 which also deals with Risk Management:

How BS7799 works
http://www.gammassl.co.uk/bs7799/works.html

I would also recommend having a look at the brilliant GAO report titled ‘GAO Executive Guide Information Security Management Learning From Leading Organizations’, GAO/AIMD-98-68 Information Security Management, May 1998, which also contains a part on Risk Management:

http://www.iwar.org.uk/comsec/resources/gao/ai98068.pdf

In addition to that, have a look at

http://www.iwar.org.uk/comsec/resources/fasp/nist.htm

RISK MANAGEMENT - the process of assessing risk, taking steps to reduce risk to an acceptable level, and maintaining that level of risk.

Risk Assessment Methodology - CMS (.pdf) 04/10/03
Risk Assessment Template - CMS (zipped file - WinZip) 04/10/03
Threat Identification Resource - CMS (.pdf) 04/10/03
Threat ID Workbook - CMS (zipped file - WinZip) 04/10/03
System Security Levels - CMS (.pdf) 04/10/03
Acceptable Risk Safeguards - CMS (.pdf) 04/10/03
General Support Systems and Major Applications Inventory Guide 07/25/02
Sample Levels of Sensitivity 03/11/02
Statement of Work: Risk Assessments - Dept. Education 02/12/02
Sample Generic Policy and High Level Procedures for Risk Assessment 08/02/00

Also, I am currently finishing a feature on risk management (and I will send you a copy once finished, as I still have to transcribe a 1 hour interview for it).

I hope this helps.

WEN

------------------------------------------------------------------------
‘Information is the currency of victory on the battlefield.’
GEN Gordon Sullivan, CSA (1993)
------------------------------------------------------------------------
Wanja Eric Naef
Principal Researcher
IWS - The Information Warfare Site
http://www.iwar.org.uk
------------------------------------------------------------------------
Join the IWS Infocon Mailing List @ http://www.iwar.org.uk/general/mailinglist.htm
------------------------------------------------------------------------

-----Original Message-----
From: owner-crime@private [mailto:owner-crime@private] On Behalf Of Keith Proffitt
Sent: 21 May 2003 06:29
To: crime@private
Subject: CRIME Research & resources

Can someone point me to some resources on the internet in regards to "Enterprise Risk Management" or "Information Risk Management"?

Thanks.

Keith

This archive was generated by hypermail 2b30 : Wed May 21 2003 - 15:01:20 PDT