The DSSA working group is evaluating risk-management methods on the way to developing detailed work plans for analyzing the threats and vulnerabilities we're identifying. This page is where we're tracking our work.
Document types:
PDF -- these are read-only files that allow navigation of the mind-map -- but they must be opened in Adobe Reader 9 or later
MMAP -- these are the editable mind-map files -- can be loaded directly into Mindjet's MindManager product or imported into the open-source Freemind program
HTML -- these are straight text html files that can be read by any web browser
Results of 10-Nov teleconference
DSSA - Risk management methods - v1 - map only.pdf
DSSA - Risk management methods - v1.pdf
DSSA - Risk management methods - v1.mmap
DSSA - Risk management methods - v1.html
Results of 17-Nov teleconference
DSSA - Risk management methods - v3.pdf
DSSA - Risk management methods - v3.mmap
DSSA - Risk management methods - v3.html
Results of 24-Nov teleconference
DSSA - Risk management methods - v4.pdf
DSSA - Risk management methods - v4.mmap
DSSA - Risk management methods - v4.html
Results of 1-Dec teleconference
A link to the NIST methodology document;
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
An extract of summary-pictures from the NIST document (an instant overview)
DSSA - NIST 800-30 Overview.pdf
Links to Mikey's mind-map summary of the methodology (discussed on the call)
DSSA - NIST SP800-30 Risk Assessment Methodology.pdf