Category: Security & Privacy

  • SOMAP

    Security Officers Management and Analysis Project. A Swiss non-profit organization.

  • Value at Risk (VAR)

    The Value at Risk (VAR) framework has four stages: identify threats, estimate likelihood, estimate VAR, mitigate risk.

  • P.U.S.H.

    The four phases of PUSH are: Preparation (defining the audience and purpose of the risk assessment); Universe definition (identifying and characterizing the most critical assets, risks and controls); Scoring (choosing consistent scales to rate the importance of assets, the impact of risks and the effectiveness of controls); Hitting the mark (ensuring the risk assessment fulfils the purpose set out in the…

  • Risk Assessment Methodologies

    OCTAVE is a risk analysis performed by a self-directed, interdisciplinary team, focusing on operational risk and security practices. FRAP is a qualitative risk analysis approach that uses pre-screening to identify critical risk areas. NIST is a qualitative risk assessment methodology established with healthcare in mind. “Failure modes and effect analysis” assesses risk by examining the effects of…

  • Methodological Frameworks

    ISO 27000 is a series of standards for managing information security. ITIL is comprised of a series of books aiming to improve IT service management and IT processes. COSO is a framework for financial reporting and disclosure. COBIT is a four-domain model for IT governance and has 214 control objectives.

  • Baselines, Procedures, Guidelines & Policies

    Baselines define a minimum technical standard that should be maintained across the organization. Procedures are step-by-step instructions on how to comply with security requirements. Guidelines give discretionary guidance on how best to comply with security requirements. Policies define security requirements broadly.