Following our last topic, risk analysis, in this new post I would like to point out that there are different risk analysis methodologies, but in the end all of them are tools that give us a way to review our situation, with the objective of reducing our residual risk through the efficient use of controls.
Normally it is difficult to justify investing money in cybersecurity. Using a risk analysis methodology, we can justify our CAPEX more easily, because these methodologies can be part of a business case (we can calculate our asset value as well as the possible impact and risk).
I created 2 presentations about Risk Analysis & Risk Management; this is the second of these 2 documents.
This presentation includes all these topics (presentation in Spanish):
- Risk Analysis: Development of the phases
- Risk Analysis: NIST SP 800-30 methodology
- Risk Analysis: OCTAVE methodology
- Risk Analysis: CRAMM methodology
- Risk Analysis: Comparison of the methodologies
- Risk Management: General aspects
- Risk Management: Security Master Plan
You can see my presentation here (in Spanish):