Sistema de blogs Diarium
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management

List of IT Risk Analysis Methodologies

This post summarizes some relevant IT risk analysis methodologies.


IT risk analysis methodologies

List of IT risk analysis methodologies:

  • NIST 800-30
  • ISO 27005
  • Magerit
  • Mehari
  • Microsoft’s Security Management Guide

NIST 800-30

NIST Special Publication 800-30, abbreviated as NIST SP 800-30 or NIST 800-30, whose title is “Guide for Conducting Risk Assessment”, is issued and managed by NIST, a governamental organization of the USA.

It was originally published in January 2002, and updated on September 2012.

You can find more about SP 800-30 Rev. 1 on this link.

Link to Framework for Improving Critical Infrastructure Cybersecurity

ISO 27005

Latest version is ISO/IEC 27005:2018.


Magerit, sometimes written as MAGERIT, is issued and managed by institutions related to the Government of Spain.

Latest version is from 2012 (version 3).

You can find a complete post about Magerit on this link.


Mehari is issued and managed by CLUSIF (Club de la Securité de l’Information Français).

Link to Mehari entry at ENISA


OCTAVE stands for Operationally Critical Threat, Asset, and Vulnerability Evaluation.

Latest version is from 2005, so it does not seem to be updated.

You can find more information on this link.

Microsoft’s Security Management Guide

It was developed by Microsoft, and more specifically Microsoft Solutions for Security and Compliance and Microsoft Security Center of Excellence.

It was issued on 2006 so I guess it is completely outdated.

It is still available to be checked on this link.


You might be also interested in…

External references


About pmgallardo

I studied Computer Science at University of Salamanca. Since then, I have been working first as developer and then as SAP consutant. This blog is about problems I dealt when using computers, and more important, the solutions I found. Whenever I am on an issue and suddenlly I have a flash that leads me to a solution, I document my discoveries in a post.

, , , , , , , , , , , , , , , , , , , , , ,

No comments yet.

Leave a Reply


Política de privacidad
Studii Salmantini. Campus de excelencia internacional