In this article, we describe three methods of risk analysis, MSRAM, OCTAVE and CRAMM, and describe in detail how each serves decision-makers as a platform for prevention, protection, mitigation and response measures as part of the risk assessment and management process. The MSRAM method was established by the US Coast Guard to provide a unified, all-inclusive way to measure risk and assign resources within each area of responsibility.
CRAMM, a risk analysis and management method, was developed and is owned by the National Security Agency of the UK Government. It is a qualitative risk assessment and management tool. CRAMM produces a series of recommendations on the measures needed to protect information from risk. A specific shortcoming of CRAMM is that it was developed by a government agency and applies only to government agencies, which is further evidence that risk management techniques are generally applied to specific departments and organizations.
Let's take a closer look at OCTAVE as an example. It was developed by the Carnegie Mellon University Software Engineering Laboratory (SEI), and the OCTAVE tool aims to let an organization fully understand and manage the risks it faces. OCTAVE is usually regarded as a method for large organizations (more than 300 employees), mainly because its risk assessment process has many components. Because small organizations need a simpler risk assessment structure, SEI created OCTAVE-S for them. OCTAVE-S will be available in the second quarter of 2003.
The OCTAVE method for IT risk assessment follows a self-assessment approach tied to business objectives. The idea is to use the core expertise of the business organization to identify the risks specific to its business paradigm. As an IT risk assessment method, OCTAVE is context-driven and self-directed, draws on experience gained over time, and combines this with the organization's own business needs. This tip is a comprehensive overview of relevant standards and workflows.
Risk evaluation and management is indispensable for safety management, so the two are closely related. This method, like the CRAMM safety assessment method, includes a risk assessment module as an important part of its first step. Meanwhile, risk assessment as a mechanism has evolved into security evaluation. The ISO standard on risk management (principles and guidelines) was issued on November 13, 2009 as ISO 31000. Frequencies of similar events in the past are often used to estimate the probability of negative events. It may be difficult to estimate the probability of a rare malfunction. When the frequency of failure is low but the harmful effect of a failure is serious, hazardous industrial risks (nuclear, etc.) are difficult to assess.