A Grey Theory Based Approach to Big Data Risk Management Using FMEA
Table 1. Qualitative methodologies for risk analysis.

| Methods and techniques | Description and process | Author |
| --- | --- | --- |
| CCTA risk analysis and management method (CRAMM) | Comprises three stages; the first two stages identify and analyze the risks to the system, and the third stage recommends how these risks should be managed. | |
| Expert system for security risk analysis and management (RAMeX) | Proposes examining the risk assessment portion of the risk management process in seven steps: define the problem, identify threats, determine the probability of occurrence, identify existing security, assess the business impact, assess security countermeasures, and generate a report. | |
| | The process involves analyzing one system of the business operation at a time and convening a team of individuals who have business information needs together with technical staff who have a detailed understanding of the potential vulnerabilities of the system and the related controls. | |
| | Provides three phases; first phase: conduct a comprehensive assessment of the business impact and determine the business security requirements; second phase: assess the threat and vulnerability of incidents occurring in the system; third phase: control selection. | |
| Operationally critical threat, asset, and vulnerability evaluation (OCTAVE) | Organized into four phases: develop an understanding of the risk to the business, create a profile of each information asset that establishes clear boundaries and identifies its security requirements, identify threats to each information asset, and mitigate the resulting risk. | |