Short note on risk assessment
Introduction
This paper discusses three risk analysis methodologies: MSRAM, OCTAVE, and CRAMM. It provides a detailed description of each and of how they incorporate risk into a platform that decision makers can use to prevent, protect, mitigate, respond, and recover as part of the risk assessment and management processes.
MSRAM
The MSRAM method was established through the U.S. Coast Guard to deliver a uniform and all-inclusive approach for gauging risks and allocating resources throughout all areas of responsibility of the U.S. Coast Guard. It replaced the Port Security Risk Tool and offers a comprehensive, risk-based approach to assessing the nation’s ports and waterways (Edmonson 2006, 18). MSRAM defines risks as the product of “Threat, Vulnerability and Consequence, R = TVC” (Edmonson 2006, 18). It includes software-guided input tools for estimating each element of risk: T, V and C. Although the Coast Guard reports its risk using a Risk Index Number (RIN), that number can be directly associated with a dollar cost of consequences.
The MSRAM method uses a single computer program as its tool, a single set of definitions, and a team of trained risk analysts. Furthermore, all data from their analyses are rolled up to a single national database and checked for consistency and reasonableness at four levels of review: 1) the Captain of the Port, 2) the District, 3) Areas, and 4) Headquarters. Additionally, historical data for consequences, for a range of asset classes, are used to create reasonable ranges for user input. This level of quality control is unprecedented in a risk tool and offers a best practice for other risk analysts.
At the moment, MSRAM is the only instrument used on a nationwid...
... middle of paper ...
...ion process.
Conclusion
While there are many forms and methods to assess risk, the above approaches provide alternative options to the decision makers that may or may not be specific to their needs.
References
Edmonson, R. G. 2006. "PSRAT to MSRAM." Journal Of Commerce (15307557) 7, no. 44: 18. Business Source Complete, EBSCOhost (accessed December 18, 2013).
Kouns, Jake and Daniel Minoli. 2010. Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams. John Wiley & Sons.
Blokdijk, Gerard and Ivanka Menken. 2008. Information Security Management Best Practice Workbook: Implementation and Management Roadmap for Threats, Challenges and Solutions - Ready to Use Supporting Documents Bringing Theory Into Practice. Lulu.
In the United States Navy, operational risk management (ORM) is personally experienced. The ORM process is taken seriously by everyone in leadership, particularly when failures can be fatal to personnel or damage equipment; therefore, understanding the potential risks faced is vital (Eaamonn, 2013). In many organizations, and specifically speaking from military experience, risk management is essential to preventing catastrophic incidents. Risk management is sometimes unpopular among subordinates, so it is incumbent on leaders to be courageous and stand by the decisions made. Leaders must be bold and take a stand to protect the community from the effects of flooding even in times of budgetary austerity (Hall,
The Department of Homeland Security has a prominent role in maintaining the safety, security and resilience of our nation. In a world where terrorism is an ever-increasing threat and where man-made and natural disasters have left people and areas in devastation, the Department of Homeland Security works diligently to prevent and protect the United States from the effects of such tragedy. In order to effectively protect our nation, the Department of Homeland Security must assess the risk associated with any terrorist, natural or man-made threat. The risk assessment method that the department uses takes into account certain variables that help the department determine the level of risk. Based on the assessed risk level, Homeland Security uses risk management for strategic planning, operations, and determining the allocation of resources and grant awards in an attempt to prepare for and mitigate any harm to our nation, critical infrastructure and its people in the event of a tragedy.
Risk is present in nearly every action and decision made around the world. Decisions and plans are determined primarily through discovering the risks and finding ways to avoid them and mitigate their impact. There is no doubt that with a mission of greater importance come greater and more numerous threats, and that is why managing risks is a high priority for Homeland Security in the U.S. To ensure the best possible security and safety decisions and plans, homeland security professionals must calculate every risk and find solutions to prevent or mitigate the damage they might cause. Policy directly relates to potential risks, and without the key resource of research management the nation would not be safe.
Using principles of risk management can help policymakers reach informed decisions regarding the best ways to prioritize investments in security programs so that these investments target the areas of greatest need. The DHS had to establish a risk management framework to help the department target its investments in security programs and disaster recovery based on risk. For DHS to have an effective way of conducting risk management, it had to develop a means for every agency to conduct risk management. DHS created the Risk Steering Committee, whose vision was to enable individual elements, groups of elements, or the entire homeland security enterprise to simultaneously and effectively assess, analyze, and manage risk from multiple perspectives across the homeland security mission space (National Research Council, 2010). One of the first tasks it took on to get the department on the same page was to establish a common vocabulary for dealing with risk management. The DHS Risk Steering Committee developed the Risk Lexicon, which provides a common, unambiguous set of official terms and definitions to ease and improve the communication of risk-related issues for DHS (National Research Council, 2010). It facilitates consistency and uniformity in the usage of reporting risk-related information for the department and allows the Risk Steering Committee to set the priorities by evaluating the
National security in the United States is extremely important and requires extensive risk management measures, including strategic, exercise, operational and capability-based planning, research, development, and making resource decisions in order to address real-world events and maintain safety, security and resilience (Department of Homeland Security [DHS], 2011). The national security and threat assessment process consists of identifying the risk and establishing an objective, analyzing the relative risks and environment, exploring alternatives and devising a plan of action for risk management, decision making and continued monitoring and surveillance (DHS, 2011). Identifying risks entails establishing a context to define the risk and considering related risks and varying scenarios, including the unlikely ones. This leads to the analysis phase: gathering data and utilizing various methodologies and data analysis software systems to survey incidence rates, relative risks, prevalence rates, likelihood and probable outcomes (DHS, 2011). These two key phases lay the foundation to explore alternatives and devise action plans. Threats, vulnerabilities and consequences (TCV) are also a key component of many national security risk management assessments because they directly relate to safety and operation capabilities, but the text stresses that they should not be included in the framework of every assessment because they are not always applicable (DHS, 2011).
There is a lot of complexity in understanding risk management and its correlation to homeland security. Risk management is a way to approach the fact that securing the homeland is not certain and there are unknown variables in every aspect of life; risk management is a way to narrow down the focus based on quantifiable information determining probability against capability. Risk management plays an integral role in homeland security. Risk management is employed using a formula described in the NIPP for establishing a narrow scope to make the best decision about protecting infrastructure. The risk management formula lays down the foundation to make the most reasonable determination based on the potential consequences, vulnerability, and
As the first step, identifying potential risks plays a crucial role in the risk management process. The core purpose of identifying risk is to figure out the causes of risk and to analyze the results caused by the risks and their probability. Hence, risk identification can begin with the source of the problem, or with the problem itself. The chosen method of identifying risk may depend on culture, industry practice and compliance. The identification
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.
Over the past decade, risk and uncertainty have increasingly become major issues which impact business activities. Many organizations are raising awareness to minimize the adverse consequences by implementing the process of Risk Management Framework which plays a significant role in mitigating almost all categories of risks. According to Ward (2005), the objective of risk management is to enhance a company’s performance. In particular, the importance of the framework is to assist top management in developing a sensible risk management strategy and program.
After identifying the risk, the next step is to decide how to handle those risks. There are four main strategies that can help to decide what to do with the