Educause Security Discussion mailing list archives

Re: Experience with Risk Assessment tools, such as RiskWatch?


From: David Grisham <DGrisham () SALUD UNM EDU>
Date: Wed, 29 Nov 2006 08:37:48 -0700

UNM health sciences center & UNM Hospitals are currently using
RiskWatch's component HIPAAWatch for risk analysis.  The qualitative
analysis is pretty good.  The quantitative questions have been difficult
to establish in this first year of running the system.

Cheers. -grish
David D. Grisham, Ph.D., CISM, CHS, CHSP
Manager, IT Security, UNM Hospitals, Information Technology
1650 University Blvd, S.500, Albuquerque, NM 87102
Ph: (505) 272-5657 FAX 272-3305
Work email: dgrisham () salud unm edu
Adjunct Faculty, Computer Science, UNM
Academic & personal email: dave () unm edu

James Moore <jhmiso () RIT EDU> 11/29/2006 8:12 AM >>>
Does anyone have experience with RiskWatch or other tools that help to
quantitatively define risks in information systems?  I have looked at
RiskWatch, and they seem pretty good, but I just haven't found any other
similar tools for comparison.  Any experiences in implementing internal
risk assessments?  RiskWatch also has an ISO 17799 base, so experiences
(and tools) for leveraging that standard in a higher ed environment are
also welcome.

Thanks,

Jim
