Risk Assessment Methodologies


I will discuss three of the top information security risk assessment methodologies: OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation), FAIR (Factor Analysis of Information Risk), and NIST RMF (National Institute of Standards and Technology’s Risk Management Framework). For each, I will give a brief overview, including three pros and cons associated with its use. Lastly, I will discuss my recommendations and the reasoning behind them.

