Key Terms 4 Flashcards
Risk Management Guide for Information Technology Systems. A U.S. federal standard that is focused on IT risks.
NIST 800-30
A focused, qualitative approach that carries out prescreening to save time and money.
Facilitated Risk Analysis Process (FRAP)
Team-oriented approach that assesses organizational and IT risks through facilitated workshops.
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
Australia and New Zealand business risk management assessment approach.
AS/NZS 4360
International standard for the implementation of a risk management program that integrates into an information security management system (ISMS).
ISO/IEC 27005
Approach that dissects a component into its basic functions to identify flaws and those flaws’ effects.
Failure Modes and Effect Analysis
Approach to map specific flaws to root causes in complex systems.
Fault tree analysis
Central Computing and Telecommunications Agency Risk Analysis and Management Method.
CRAMM