0x00 Preface
A risk management framework is a structured process that allows an organization to identify and assess risks and reduce them to acceptable levels.
0x01 Common risk management frameworks
1. NIST Risk Management Framework
The NIST RMF has 7 steps:
- Prepare
- Categorize
- Select
- Implement
- Assess
- Authorize
- Monitor
2. ISO 27005
- Context establishment
- Risk identification
- Risk estimation
- Risk evaluation
- Risk treatment
- Risk acceptance
- Continuous monitoring and review of risks
- Risk communication
2.1 Main ways of dealing with risk
- Mitigate
- Accept
- Transfer
- Avoid
3. OCTAVE
OCTAVE is a risk assessment method.
- Organizational view
- Organization's technology infrastructure
- Analyze risks and prioritize them before specifying mitigation strategies