Some of you may have done a risk analysis in the past, and others may do risk analysis on a regular basis. Some people use OCTAVE, CRAMM, NIST or other risk analysis methodologies, but have you ever thought about whether you have a gap or a lack of visibility in the way you do your analysis? I created a presentation where I explain this topic in detail; you can see my presentation here: Thinking on risk analysis, from Ramiro Cid

ISO 31000:2009 is a standard on the implementation of risk management, published on the 13th of November 2009. It provides principles, a framework and a process for managing risk, and it can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. The ISO 31000 family is expected to include:

* ISO 31000:2009 – Principles and Guidelines on Implementation
* ISO/IEC 31010:2009 – Risk Management – Risk Assessment Techniques
* ISO Guide 73:2009 – Risk Management