Frameworks & Standards
We provide risk assessments based on the following accepted frameworks.
NIST SP 800-30 Rev. 1
This NIST publication provides guidance for conducting risk assessments and describes the interrelationships between the various components of the organizational risk management process. It also provides guidance regarding the ongoing monitoring of risk within the organization.
ISO/IEC 27005
This international standard provides guidance for assessing and evaluating risk as part of an overall risk management process and is aligned with other related standards for risk assessment, management, and mitigation. ISO/IEC 27005 is a key element in the development of the Information Security Management System (ISMS) defined in ISO/IEC 27001.
OWASP Risk Assessment Framework
The OWASP Risk Assessment Framework (RAF) consists of static application security testing and risk assessment tools. By using the OWASP Risk Assessment Framework's Static Application Security Testing tool, our testers will be able to analyze and review the code quality and vulnerabilities of web applications without any additional setup.
NIST SP 800-115
This NIST publication provides technical guidance for information security testing and assessments. It is not intended to present a comprehensive information security testing or assessment program, but rather an overview of the key elements of technical security testing and assessment with emphasis on specific techniques, their benefits and limitations, and recommendations for their use.