Educause Security Discussion mailing list archives
Re: Risk Analysis Software
From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Mon, 17 Oct 2005 11:46:55 -0600
I highly recommend RMS. Their model is based off of NIST 800-37, so it fits really well into a control structure based on NIST Guidelines. However, what amount of budget have you set aside for this?
Has anyone used or evaluated any software packages for Risk Management/Assessment? I would like to conduct a fact-based risk analysis on critical campus IT resources/processes based on NIST/ISO standards, and would like to use a certain level of automation to cut down on the time commitment. I have looked at a few packages
including
CounterMeasures (www.countermeasures.com), Riskwatch (www.riskwatch.com), and RSAM (www.relsec.com). If anyone has any experience with these or others, your comments would be greatly appreciated. Feel free to contact me offline if you'd like. Thanks, ~Brad Brad Miller IT Security Officer Information Technology Systems and Services University of North Dakota (701) 777-3587 http://itsecurity.und.edu
--
Current thread:
- Risk Analysis Software Brad Miller (Oct 17)
- <Possible follow-ups>
- Re: Risk Analysis Software David Grisham (Oct 17)
- Re: Risk Analysis Software Sarah Stevens (Oct 17)
- Re: Risk Analysis Software Melissa Guenther (Oct 17)
- Re: Risk Analysis Software Randy Marchany (Oct 17)