Risk Analysis, Risk Assessment, Risk Management

"Risk Analysis helps establish a good security posture; Risk Management keeps it that way"
- B. D. Jenkins (1998).
"If your entire Security Infrastructure is not sound your business could fail."
- searchSecurity.com

Why does it often require a unique situation to make the risk clear? Could we possibly consider all threats?

Risk Management Holds the Key to Security and Trust: In a Nutshell, Risk Management Is the Key to Security and Trust

Security Risk Analysis holds the key: A security policy framework is necessary to support the security infrastructure required for the secure movement of sensitive information across and within national boundaries. To ensure the secure operation of this kind of infrastructure, it is necessary to have some well-founded practice for the identification of security risks (as well as the application of appropriate controls to manage risks). This practice can be formalised and (semi-)automated by the use of formal methods and tools, which increase the reliability of the system specification (and therefore users' confidence in it). This is important since the security of a system is largely dependent upon the accuracy of its specification. To be truly beneficial, the risk analysis framework must be granular enough to produce a customisable roadmap of which problems exist, and to rank them in order of severity, which facilitates making decisions about which ones to deal with first.

CORAS (A Platform for Risk Analysis of Security-critical Systems) is an EU/IST project within the 5th Framework Programme, the basic idea for which was proposed and initiated by the author in an attempt to meet the requirements mentioned above, among others. Its main objective is to develop a practical (the word practical emphasised) framework for a precise, unambiguous and efficient risk analysis, by exploiting the synthesis of risk analysis methods with object-oriented modelling, (semi-)formal methods and tools, in order to improve the security risk analysis and security policy implementation of security-critical systems.

Since the critical infrastructures of, for example, medical services, banking and finance, gas and electricity industries, transportation, water, and telecommunications are making use of the public Internet for communication, not least for the exchange of business, administrative and research information, it must be our aim to make these critical infrastructures totally secure and unassailable.

Standards for the management of information security already exist; they are commonly accepted and publicly available specifications:

Risk Analysis, Assessment, Management, based on [1] AS/NZS 4360:1999 and [2] NS 5814 Risk Analysis Methodologies
Adaptive Risk Management

A European website presents science research and multimedia on health, food and risks

This European website specialises in presenting multimedia content on publicly funded European research in the areas of Health, Genomics and Food Safety. In addition, information and arguments on relevant risk issues are covered. The science subjects are treated in easy-to-understand modules for educators, students, the interested public and film producers.

EUSEM is funded through the Sixth Framework Programme of the European Commission.

Risk Analysis Tools/Products

Risk Analysis and Related Links

Open Source Risk Management Tools

I proffer my sincere apologies for linking to most of the sites above prior to asking permission,
in the event of inconvenience having been caused!

Web page maintained by Habtamu Abie (abie@nr.no)