Appendix B. Risk Analysis, Policy and Standard, and System Hardening Resources
Risk analysis resources
Risk analysis methods | URL |
---|---|
SANS Quantitative risk analysis step-by-step | http://www.sans.org/reading_room/whitepapers/auditing/quantitative-risk-analysis-step-by-step_849 |
FAIR | http://www.riskmanagementinsight.com/media/docs/FAIR_brag.pdf |
NIST risk management guide | http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf |
CERT OCTAVE | |
DREAD threat model | http://msdn.microsoft.com/en-us/library/aa302419.aspx#c03618429_011 |
STRIDE threat classification | http://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx |