Agencja Unii Europejskiej ds. Cyberbezpieczeństwa, Kompendium ram zarządzania ryzykiem z potencjalną interoperacyjnością

COMPENDIUM OF RISK MANAGEMENT FRAMEWORKS WITH POTENTIAL INTEROPERABILITY

Supplement to the Interoperable EU Risk Management Framework Report

JANUARY 2022

This report presents the results of desktop research and the analysis of currently used cybersecurity Risk Management (RM) frameworks and methodologies with the potential for interoperability. The identification of the most prominent RM frameworks and methodologies was based on a systematic survey of related risk management approaches adopted in different contexts (including industry, business, government, academia, etc), at national, international and sectoral levels.

This collection of identified frameworks and methodologies includes well known and widely used RM standards that provide high level guidelines for risk management processes that can be applied in all types of organisations (e.g. ISO 27005; NIST SP 800-37, SP 800-30 & SP 800-39; BSI 100-3; OCTAVE S, Allegro & FORTE, Open FAIR etc.); frameworks applied in specific regions...