
Cybersecurity and Privacy Risk Management Standards and Frameworks

1.0, 20.08.2023

Enterprise risk management (ERM)

| # | Framework | Organization | Country | Price |
|---|-----------|--------------|---------|-------|
| 1 | ISO 31000:2018 Risk management — Guidelines | ISO | International, Switzerland | CHF124 ($140) |
| 2 | COSO Enterprise Risk Management: Integrating with Strategy and Performance | COSO | International, USA | £158 |
| 3 | RIMS Risk Maturity Model (RMM) | RIMS | International, USA | $199 |
| 4 | S&P Enterprise Risk Management Evaluations | S&P | International, USA | Free |

Information Security, Privacy, and IT

| # | Framework | Organization | Country | Price |
|---|-----------|--------------|---------|-------|
| 5 | ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection — Guidance on managing information security risks | ISO | International, Switzerland | CHF187 ($210) |
| 6 | ISO/IEC 27557:2022 Information security, cybersecurity and privacy protection — Application of ISO 31000:2018 for organizational privacy risk management | ISO | International, Switzerland | CHF124 ($140) |
| 7 | Information Risk Assessment Methodology 2 (IRAM2) | ISF | International, USA | For members |
| 8 | EBIOS Risk Manager (EBIOS RM) | ANSSI | France | Free |
| 9 | OCTAVE FORTE (Operationally Critical Threat, Asset, and Vulnerability Evaluation FOR The Enterprise) | CMU | USA | Free |
| 10 | Factor Analysis of Information Risk (FAIR) | FAIR Institute | USA | $35 |
| 11 | Risk IT Framework (+ Risk IT Practitioner Guide, Risk Starter Kit Tool, Risk Scenarios Starter Pack) | ISACA | International, USA | $75 |
| 12 | COBIT Focus Area: Information and Technology Risk Using COBIT 2019 | ISACA | International, USA | $90 |
| 13 | EU Risk Management Toolbox | ENISA | Europe | Free |
| 14 | NIST Risk Management Framework (RMF) | NIST | USA | Free |
| 15 | NIST SP 800-30 Rev. 1 Guide for Conducting Risk Assessments | NIST | USA | Free |
| 16 | NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View | NIST | USA | Free |
| 17 | Cyber security risk management framework | NCSC | UK | Free |
| 18 | Controls of Risk and Business Continuity Management for Digital Government | DGA | Saudi Arabia | Free |
| 19 | Risk Analysis based on IT-Grundschutz (BSI-Standard 200-3) | BSI | Germany | Free |
| 20 | IEC 62443-3-2:2020 Security for industrial automation and control systems - Part 3-2: Security risk assessment for system design | IEC | International, Switzerland | CHF220 ($250) |
| 21 | Threat Assessment & Remediation Analysis (TARA) | MITRE | USA | Free |
| 22 | Microsoft's Cloud Risk Decision Framework | Microsoft | USA | Free |

by Andrey Prozorov, CISM, CIPP/E, CDPSE, LA 27001


www.patreon.com/AndreyProzorov
Links:
1. ISO 31000: https://www.iso.org/standard/65694.html
2. COSO: https://www.coso.org/guidance-erm
3. RIMS: https://www.rims.org/Tools/risk-maturity-model
4. S&P: https://www.spglobal.com/ratings/en/products-benefits/products/enterprise-risk-management-evaluations
5. ISO 27005: https://www.iso.org/standard/80585.html
6. ISO 27557: https://www.iso.org/standard/71675.html
7. IRAM2: https://www.securityforum.org/solutions-and-insights/information-risk-assessment-methodology-iram2
8. EBIOS: https://www.ssi.gouv.fr/guide/ebios-risk-manager-the-method
9. OCTAVE FORTE: https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=644636
10. FAIR: https://www.fairinstitute.org/what-is-fair
11. RISK IT Framework: https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004Ko9VEAS
12. COBIT Focus Area: https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KmAREA0
13. EU Toolbox: https://www.enisa.europa.eu/publications/interoperable-eu-risk-management-toolbox
14. NIST RMF: https://csrc.nist.gov/projects/risk-management/about-rmf
15. NIST SP 800-30: https://csrc.nist.gov/pubs/sp/800/30/r1/final
16. NIST SP 800-39: https://csrc.nist.gov/pubs/sp/800/39/final
17. NCSC Framework: https://www.ncsc.gov.uk/collection/risk-management/cyber-security-risk-management-framework
18. DGA RM: https://dga.gov.sa/en/Controls_Of_Risk_and_Business_Continuity_Management_For_Digital_Government
19. BSI-Standard 200-3: https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/BSI-Standards/BSI-Standard-200-3-Risikomanagement/bsi-standard-200-3-risikomanagement_node.html
20. IEC 62443-3-2: https://webstore.iec.ch/publication/30727
21. TARA: https://www.mitre.org/news-insights/publication/threat-assessment-and-remediation-analysis-tara
22. Microsoft CRDF: https://download.microsoft.com/documents/australia/enterprise/smic1545_pdf_v7_pdf.pdf