IT Security Risk Management (ITSRM)
TOOLS AND TECHNIQUES
INTRODUCTION
In addition to Risk Management, Contingency Planning, and Security Awareness Best Practices, we provide tools and techniques to help you evaluate your IT Security and Business Continuity Management requirements.  Below is a brief description with a link to samples of the respective tools and techniques that are developed with Common Office Environment (COE) applications which are easily installed, updated, tailored, and maintailed by your own staff.  Note:  Some tools require a spreadsheet to view.
Link Description
 Business Impact Analysis 1.  Create an Enterprise-wide BIA for your organization and prioritize your assets.  The BIA identifies the systems and applications, business units, operations and processes that are essential to the organization and its mission.  The BIA in conjunction with the Asset Valuation helps the business owner establish priorities with respect to the protection and/or recovery of assets.
Asset Specification Worksheet 2.  Use this worksheet to provide asset description, documentation, ownership, inputs, and outputs.
Asset Valuation 3.  The asset valuation tool enables you to establish the value in dollars, but also, establish recovery and/or replacement priorities (e.g., protect or replace).
Asset Inventory Form 4.  Used this flexible inventory form to identify hardware and/or software components
Preventive Controls 5.  Use this tool to include a list of cost-effective preemptive methods that may obviate or ease the impact of a disruption.
Contingency Task Table 6.  Use the flexible task tool to document the actions required in the Notification/Activation, Recovery, and/or Reconstitution phase of the contingency planning effort.
CP Contact List 7.  The flexible Contingency Plan contact list will list all team personnel and their alternates responsible for the recovery effort.
Call Tree Log 8.  This tool will enable the first responders, Contingency Planning Coordinator, and those responsible for Notifying recovery teams reach and log who will or will not be available to respond to the emergency.
Incident Report Form 9.  Use the handy incident reporting form to document any abnormal occurrence in your organization.  When in doubt, report it!
IT Policy Quiz 10.  Test your employee's knowledge of your IT Policies and Standards.  This easy-to-use and modify form uses common software (MS Excel) and can be updated with you own company questions.
Scope Determination 11.  Use this tool to define the scope of your effort including key personnel, asset components, constraints, etc.
Risk Assessment Report 12.  Use this form to develop a Risk Assessment report as specified in NIST SP 800-30.

HOME PAGE