EUIST

EUIST

Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

risk assessment and management – ENISA – report on visualisation and overview of process models

May 20th, 2008 · No Comments

    This is a report that outlines what ENISA intends to do in this area of risk management and risk assessment.
    The report is a first step and is supposed to help larger and smaller firms to figure out these issues using the tools that ENISA intends to produce eventually – future deliverables.

ENISA has published another report about risk assessment and risk management, we quote out of the press release:

    “This report is the first step in a corporate governance framework that ENISA soon will announce. ENISA’s report and accompanying framework is targeted mainly to IT security, risk management, IT governance professionals.”

This report is part of the 2007 deliverables and uses both:

    ADOit® 3.0 is a modelling tool, for support service management and architecture management by providing the means to illustrate, analyse and optimise service processes and IT infrastructuresITIL-Information Technology Infrastructure Library, that ENISA chooses to call a de facto standard, I call it a money maker – nothing more and nothing less but not a standard, no way.

Interesting is that the report was done by the Boc Group – German subsidiary the owner of the ADOit® 3.0

Also of interest:
InfoSec InfoSec – follow us on Twitter sign up to our alerts about zero-day exploits and newsletters here
CASEScontact CASEScontact follow us on Twitter my take on the EBay vs Craigslist law suit – court docs, screen shotsWhat is Twitter good fo

Some Questions one may wish to ask after having read this report?If one looks at this report from a SME perspective one could be surprised that ENISA chose ADOit® 3.0 as the solution. Especially, since it does not appear to offer anything unqiue and from an SME’s perspective, the package is rather costly. The people who wrote the report as contractor on ENISA’s behalf do, however, own this methodology.
Reading up to and including p. 33 one learns how the software can be used without telling us much new. Page 37 starts with presenting the application of the framework presented. Again, what is new here is unclear.

Neither does the report explain why an SME should use this approach and what the unique benefits might be or what marketers call:

    — what is the unique selling proposition? —

We look forward to see the follow-up report and implementation of this ENISA approach.

Integration of Risk Management with Operational IT Processes dated 03/12/2007 released 2008-05-20 881KB – pdf

Tags: Uncategorized

No Responses to “risk assessment and management – ENISA – report on visualisation and overview of process models”

  • There are no comments yet...Kick things off by filling out the form below.

    • Leave a Comment

    You can add a link to follow you on twitter if you put your username in this box.
    Only needs to be added once (unless you change your username). No http or @     Twitter

    Subscribe without commenting