Risk management for IT (CRAMM Lite)
- Asset identification and valuation
- Threat and vulnerability assessment
- Countermeasure selection and recommendatio
- Impact - CIA(Confidentiality, integrity and availability) are scored.
- Vulnerability - Loss(C), error(I) and failure(A) are scored.
- Counter measures - Countermeasures already in place and those that will be implemented in the future are scored.
The impact is rated as 4 – Critical – Confidentiality = Secure, Integrity = Very high, Availability = Mandatory. The impact is rated as 4 – High loss probability, High error probability, High failure probability. Counter measures is rated as 2 – Service provider due diligence. The score is thus 10 out of a max of 12 = 84%.