Risk Management

Inventory of Risk Management / Risk Assessment Methods and Tools
Introduction
The Risk Management Process
Corporate Risk Management Strategy
Communication, Awareness & Consulting
Scope & Framework

Definition of Scope & Framework
Risk Assessment
Risk Treatment
Risk Acceptance

Risk Acceptance (optional process)
Monitor & Review
Risk Management & Information Security Management Systems
Need

The Need for ISMS
Critical success factors

Critical success factors for ISMS
Framework

The ISMS Framework
Submit & Update

Submitting & Updating Methods and Tools
Template

Template of Risk Management - Risk Assesment Methods
Submit & Update

Submitting & Updating Methods and Tools
Template

Template of Risk Management - Risk Assesment Tools
Open issues – Road map for further activities in Risk Management
Comparability / Interoperability

Comparability / Interoperability of methods and tools
Identification of combinations

Identification of combinations of methods
Demonstrators and awareness

Generation of demonstrators and awareness material
Continuity & Emerging Risks
Software base

Generation of an installed software base
Risk Management Integration

Integration of Risk Management with other processes/disciplines
Priorities
Glossary
Downloads
Literature
Acknowledgements
Integration of Risk Management with Business Processes
Governance
Frameworks
Framework Worldwide
Basel 2
MiFID
SOX
ICS
ERM
Lifecycle
Operational IT Processes
ITIL
Application Development Process
PRINCE2™
CMMI
ENISA RM/RA Framework
Application of Results
IT Processes
Planning & Initiation

Integration of Processes - Planning and Initiation
Quality Assurance

Integration of Processes - Quality Assurance
Governance Framework
Design (conceptual)

Implementation of Business Governance - design level (conceptual)
Design (process flow)

Implementation of Business Governance - design level (process flow)
Execution (conceptual)

Implementation of Business Governance - Execution level (conceptual)
Execution (process flow)

Implementation of Business Governance - Execution (process flow)
ADOit Modeling Language
Modeling Tool

The Modelling Tool ADOit 3.0®
The Modelling Language
Downloads
Acknowledgements
IT Continuity Home
Scope, Assumpions, Approach, Structure & Targets
Scope

IT Continuity: Scope
Assumptions

IT Continuity: Assumptions
Approach

IT Continuity: Approach
Structure

IT Continuity: Structure & Targets
BC/RM Interfaces
The Business Continuity Process
Define Framework

Define BCM Framework
Conduct BI Analysis

Conduct Business Impact Analysis
Design Approach

Design BCM approach
Deliver BCP

Deliver BCP Plan
Test BCP
Sustain BCM

Sustain BCM programme
IT RM & BC

Relationship between IT Risk Management & Business Continuity
Define BCM Framework
Initiate BCM

Initiate a BCM Programme
Identify Organisation

Identify the Organisation
Assign BCM Responsibilities
Management

Business Continuity Management Team
Steering Committee

Business Continuity Steering Committee
Assign Incident Teams
Senior management team

Senior management team (Gold team)
Incident management team

Incident management team (Silver team)
Business unit management team

Business unit management team (Bronze team)
Incident response team
Example

Example of how the three-tier incident response would operate
Define BCM Policy
Define scope
Define drivers

Define BC drivers
Define stakeholders
Conduct Business Impact Analysis
Assessment

Assess Risks and Impacts
Analysis

Analyze Results
Prioritise recovery

Prioritise recovery/define critical resource requirements
Design BCM approach
Assess Risks & Impact

Determine recovery options
Analyze Results

Agree recovery strategy
Design BCP
Suite of documents
Deliver BCP
Incident Response Plan
Incident Management Plan
Business Recovery Plans
Recovery Support Plans
Communications & Media Plan
IT Service Continuity Plan
Business Resumption Plan
Supporting Documents
IT Reqs & Gap Analysis

IT Requirements & Gap Analysis
Risk Registers
Test BCP
Determine test

Determine type of test
Write test plan
Conduct test
Report test

Deliver debrief and test report
Sustain BCM

Sustain BCM Programme
Train staff
Maintain & review BCP
Change Management
Continuous Improvement
Develop Awareness
Inventory of Business and IT Continuity Methods
Inventory of Business and IT Continuity Tools
Downloads
Usage

Usage of this section
Definitions & Scope
Defining RM/RA
Scope

Scope: relevant documents
Approach
Normative Framework

Template and structure of the normative framework
Data Protection / Privacy
National Security
Civic & Penal Law
Corporate Governance
eBusiness

E-Business
RM/RA Standards

Risk Managemet / Risk Assessment Standards
Downloads

Downloads related to RM Laws & Regulations
Acknowledgements
Report on RM/RA in European regulation, international guidelines
Current Risk
Risk Management for SMEs
Risk Management and Risk Assessment for SMEs

Risk Management and Risk Assessment for SMEs scrutinized- how appropriate is the ENISA simplified security approach?
ENISA approach to Business Continuity for SMEs

Deliverable 2010: A Business Continuity Approach for SMEs
Self Assessed Risk Management (SARM)
Approaches for SMEs
Ad-hoc Working Group on Risk Assessment and Risk Management

Ad-hoc Working Group on Risk Assessment and Risk Management
WG 2007-2008

Ad-hoc Working Group on Risk Assessment and Risk Management (WG-RARM)
WG 2006-2007

Ad-hoc Working Group on Risk Assessment and Risk Management
WG 2005-2006

Ad-hoc Working Group on Risk Assessment and Risk Management
Ad hoc ENISA Working Group on National Risk Management Preparedness

The present page is the central location of information about the Terms of Reference for the ENISA Working Group on National Risk Management Preparedness (WG NRMP) and the generated deliverable.
Working Group on Economics of Security

ENISA aims at collecting and analysing existing knowledge available in the area of Economics of Security. Besides an open consultations to collect relevant information on relevant topics, literature, open issues and relevant stakeholder groups...

Threat and Risk Management