Educause Security Discussion mailing list archives

Re: Risk Analysis Software

From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Mon, 17 Oct 2005 11:46:55 -0600

I highly recommend RMS.  Their model is based off of NIST 800-37, so it
fits really well into a control structure based on NIST Guidelines.
However, what amount of budget have you set aside for this?

Has anyone used or evaluated any software packages for Risk
Management/Assessment?  I would like to conduct a fact-based risk
analysis on critical campus IT resources/processes based on NIST/ISO
standards, and would like to use a certain level of automation to cut
down on the time commitment.  I have looked at a few packages

including

CounterMeasures (www.countermeasures.com), Riskwatch
(www.riskwatch.com), and  RSAM (www.relsec.com).  If anyone has any
experience with these or others, your comments would be greatly
appreciated.  Feel free to contact me offline if you'd like.

Thanks,
~Brad


Brad Miller
IT Security Officer
Information Technology Systems and Services
University of North Dakota
(701) 777-3587
http://itsecurity.und.edu

--

Current thread:

Risk Analysis Software Brad Miller (Oct 17)
- <Possible follow-ups>
- Re: Risk Analysis Software David Grisham (Oct 17)
- Re: Risk Analysis Software Sarah Stevens (Oct 17)
- Re: Risk Analysis Software Melissa Guenther (Oct 17)
- Re: Risk Analysis Software Randy Marchany (Oct 17)