Here is a link on risk management http://www.trusecure.com/methodology/
regards, Jordan -----Original Message----- From: Infosec Risks [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 4:54 AM To: [EMAIL PROTECTED] Subject: risk evaluation & risk management Hi, I am quite new to the list but I find many of your discussions quite interesting. At the moment I am working and researching in the field of infosec risk evaluation and risk management. Can anybody help me find some useful links, papers, thesis, tools, anything useful in this field? My idea is to try prove to the IT management in a company they need to invest certain amount of money into the protection of their most valuable assets/information systems. Sometimes it is hard to evaluate the real value of information/assets processed in a company. How to quantify the risks and in the end how can be the identified risks met? The goal is to provide BS7799 compliance of the security policy but again - the most feasible. Most likely companies should not invest more money into their information security than the value of the possible loss is (in case of an incident)? Thanks for your help. BR, Sand@ __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com *********************************************************************** This message is intended only for the use of the intended recipient and may contain information that is PRIVILEGED and/or CONFIDENTIAL. If you are not the intended recipient, you are hereby notified that any use, dissemination, disclosure or copying of this communication is strictly prohibited. If you have received this communication in error, please destroy all copies of this message and its attachments and notify us immediately. ***********************************************************************