August 8

Open Source Information Security Risk Management – can it be?

Hopefully it is clear by my efforts that I am supportive of community driven approaches to defining and improving information security. One of our loyal catalysts (hat tip to Bill) pointed out the Security Officers Management and Analysis Project (SOMAP.org).

I am not yet familiar with this effort, but plan to spend some time reviewing the website when I get back from another “Effective Assurance in IT Operations” workshop (sometime next week). I spent a few minutes checking the link and reviewing the effort – and it seems solid and is something I am looking forward to checking back into.
I’m curious to learn what you think of this site, the information and ideas and suggestions on how you think we can contribute and make a difference… leave some comments or send me an email: securitycatalyst@gmail.com



  1. Michael – I gave this a quick look over and think it is an excellent idea. Too much of the open source stuff has focused on applications. This gives the security practitioner a policy-based how-to on risk management. These types of nuts-and-bolts how-tos are invaluable to people out there. I will take a closer look and see how I can help.

    alan

  3. Let’s not forget all of the other free risk management tools and techniques out there:
    – Carnegie-Mellon Software Engineering Institute, Risk Management FAQ, http://www.sei.cmu.edu/risk/risk.faq.html
    – Carnegie-Mellon Software Engineering Institute, OCTAVE (SM) Method, January 31, 2001, http://www.cert.org/octave/methodintro.html
    – Microsoft Corporation, The Security Risk Management Guide, 2004, http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx
    – NIST (National Institute of Standards and Technology), Special Publication 800-30: Risk Management Guide for Information Technology Systems, October 2001. http://csrc.nist.gov/publications/nistpubs/index.html
    – USAF Software Technology Support Center (STSC), CrossTalk, The Journal of Defense Software Engineering, “Risk Management,” http://www.stsc.hill.af.mil/crosstalk/2005/02/index.html

    Remember, it’s not the tool or the technique, it’s how you use it. There are many methodologies out there; you need to just pick one and start using it.

    Cheers,
    Ron W
