- CRAMM
= History =
CRAMM (CCTA Risk Analysis and Method Management) was created in 1987 by the central Agency of Data Processing and Telecommunications of the United Kingdom government. CRAMM is currently on its fifth version, CRAMM Version 5.0. CRAMM comprises three stages, each supported by objective questionnaires and guidelines. The first two stages identify and analyse the risks to the system. The third stage recommends how these risks should be managed. The three stages of CRAMM are as follows:
Stage 1: The establishment of the objectives for security by:
* Defining the boundary for the study;
* Identifying and valuing the physical assets that form part of the system;
* Determining the ‘value’ of the data held by interviewing users about the potential business impacts that could arise from unavailability, destruction, disclosure or modification;
* Identifying and valuing the software assets that form part of the system.
Stage 2: The assessment of the risks to the proposed system and the requirements for security by:
* Identifying and assessing the type and level of threats that may affect the system;
* Assessing the extent of the system's vulnerabilities to the identified threats;
* Combining threat and vulnerability assessments with asset values to calculate measures of risks.
Stage 3: Identification and selection of countermeasures that are commensurate with the measures of risks calculated in Stage 2. CRAMM contains a very large countermeasure library consisting of over 3000 detailed countermeasures organised into over 70 logical groupings.
= Deployment =
CRAMM is in use by NATO, the Dutch armed forces, and corporations working actively on security, like Unisys.
Wikimedia Foundation. 2010.