Risk Methodologies
The following Risk Methodologies are supported within Agiliance RiskVision in conjunction with the Enterprise Risk Manager application.
COSO ERM
Committee of Sponsoring Organizations of the Treadway Commission’s Enterprise Risk Management (COSO ERM) is a framework that provides a clear direction and guidance for enterprise risk management. The guidance introduces an enterprise-wide approach to risk management.
ISO 27005
ISO/IEC 27005:2011, "Information technology -- Security techniques -- Information security risk management", is a risk methodology that provides guidance on information security risk management. It was also designed to support the implementation concepts of ISO 27001.
ISO 31000
ISO 31000:2009 is a family of risk management standards intended to provide organizations with common principles and guidelines for managing risk. This risk methodology is provided in Agiliance RiskVision.
NIST SP 800-30
The Risk Management Guide for Information Technology Systems is a risk methodology that can be implemented in Agiliance RiskVision. Created by the National Institute of Standards and Technology, this guide is intended for Federal organizations that process sensitive information; however, non-government organizations can use the guidelines as well.
NIST SP 800-137
This risk methodology, Information Security Continuous Monitoring for Federal Information Systems and Organizations, was developed by the National Institute of Standards and Technology to help organizations create and implement a continuous monitoring program.
OCTAVE-Allegro
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro is a risk methodology that helps organizations perform effective and efficient security risk assessments.