It is now widely accepted that IT security is a business issue. Equally, it is largely expected that security reviews will be business related, with cost justified solutions and recommendations.
In addition, as organisations seek a better and more visible return on their security budgets, many adopt new approaches to the traditional constraints of lack of expertise, time and finance.
Often, a formal security risk analysis or risk assessment technique is employed. However, conventional methods and tools simply do not address the new demands placed by business management. Some go part of the way, but tend to introduce their own drawbacks and difficulties.
To tackle these problems, an entirely new methodology had to be developed. This followed years of research and was produced in full co-operation with one of the worlds major financial institutions.
It was recognised that business users should be involved from the outset. This carries a number of advantages, and shapes the entire review. In addition, a number of other radical departures were called for. The result was a risk analysis methodology and tool that meets the most stringent of requirements, fully satisfying the changing demands placed upon the security or audit team.
The following pages will examine:
For more information on the COBRA system, please do not hesitate to contact us.
File Download Area
Copyright © 2002 C & A Systems Security Ltd
