Absolutely love this research from Gartner. Fantastic job, guys.
You Care Because: There are several viable risk management frameworks our customers can use for assessing and building security into Vblock Systems. The program chosen matters far less than how well it is executed, a point that has many parallels in sports, business, and personal life.
Gartner For Technical Professionals - Comparing Methodologies for IT Risk Assessment and Analysis
Authors: Ben Tomhave, Erik T. Heidt & Anne Elizabeth Robins
To access this research, visit www.gartner.com.
In-Scope Methods:
- FAIR
- ISACA COBIT 5
- ISF IRAM
- ISO/IEC 31000:2009 and 27005:2011
- MAGERIT
- NIST Special Publication 800-30
- OCTAVE Allegro
- RiskSafe
Summary of Findings (page 3)
Bottom Line: Which method you choose for IT risk assessment and risk analysis is far less important than ensuring that the selected methodology is operationalized and a good fit for the corporate culture. It is more important to start somewhere, getting a process in place that integrates with existing or emerging risk management processes, and then scaling and evolving practices over time. The selected approach must be able to produce output that is meaningful to management, and supporting processes must account for assumptions, documentation and potential gaming of the system. Tools should be leveraged, where possible, to ease method adoption.