Re: Risk Analysis Software

[David Grisham <DGrisham () SALUD UNM EDU>]

we are implementing RiskWatch as a life cycle process for our health science center and hospital system.  There are 
successful implementations of both products RiskWatch & RSAM that we talked to during the RFP process.  I would talk to 
the vendor and get recommendations from their successes as well as research listservs-you are doing here.  I would be 
glad to talk with you off-line about the successes and problems we have had with our product.
 
 
Cheers. -grish
David D. Grisham, Ph.D.,  CISM, CHS III
Information Security Officer,  
UNM Hospitals, Information Technology
1650 University Blvd,  S.500, Albuquerque, NM 87102
Ph: (505) 272-5657 FAX 272-3305
Work email:  dgrisham () salud unm edu
Adjunct Faculty, Computer Science, UNM
Academic & personal email:  dave () unm edu
 


> > > bradmiller () MAIL UND NODAK EDU 10/17/2005 11:04:00 AM >>>

Has anyone used or evaluated any software packages for Risk
Management/Assessment?  I would like to conduct a fact-based risk
analysis on critical campus IT resources/processes based on NIST/ISO
standards, and would like to use a certain level of automation to cut
down on the time commitment.  I have looked at a few packages including
CounterMeasures (www.countermeasures.com), Riskwatch
(www.riskwatch.com), and  RSAM (www.relsec.com).  If anyone has any
experience with these or others, your comments would be greatly
appreciated.  Feel free to contact me offline if you'd like.

Thanks,
~Brad


Brad Miller
IT Security Officer
Information Technology Systems and Services
University of North Dakota
(701) 777-3587
http://itsecurity.und.edu