
CIS Risk Assessment Method (RAM)

From EverybodyWiki Bios & Wiki

CIS RAM is the information security risk assessment method that enables organizations to implement the CIS Controls™.

CIS RAM provides guidance for establishing balanced security controls, with practical resources such as templates, illustrative examples, and explanatory content. It is organized into three separate categories, for organizations that are new to risk assessment, experienced, or expert, so that each can develop the security safeguards most appropriate to it. Because every entity has a unique environment to keep secure, CIS RAM takes those nuances into account by incorporating a balanced approach based on an organization's mission, objectives, and obligations. It is designed to establish duty of care to ensure that security policies are compliant, safe, and in accordance with business objectives.

Released with CIS Controls v.7[1] in early 2018, this risk assessment method can also be applied alongside other risk assessment methods[2] such as ISO 27005 and NIST SP 800-30, and as a companion to other frameworks such as GDPR, 23 NYCRR Part 500, and HIPAA.

CIS RAM[3] was developed by HALOCK[4] Security Labs[5] in partnership with CIS® (Center for Internet Security, Inc.) and is available for download at no cost on the CIS website.

References

  1. "CIS Controls™ Version 7 Launched Today". Cision.
  2. "CIS Risk Assessment Method (CIS RAM) FAQ – Part 1". CIS.
  3. "CIS RAM FAQ". Center for Internet Security.
  4. "HALOCK's Intellectual Property Will Help Organizations Establish Duty of Care for Cybersecurity". Yahoo Finance.
  5. "CIS RAM and Use with Regulatory Frameworks". Center for Internet Security.


This article "CIS Risk Assessment Method (RAM)" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:CIS Risk Assessment Method (RAM). Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.