The ASSESS, PLAN, EXECUTE & MONITOR (APEM™) methodology
consists of four phases. Although the participants of each phase vary
among organizations, the APEM analyst and an organization's lead security
manager are usually the key participants.
The security manager usually relies on other security specialists
or information managers within the organization to provide specialized
expertise. The information captured during the first APEM analysis
provides a foundation that the organization can refine and improve
in subsequent fiscal years or when the threat environment changes.
MSB can provide an initial analysis as well as continual support
using data from similar organizations to provide insight into how
other organizations are handling their threat environment.
PHASE 1—RISK ASSESSMENT
During Risk Assessment, the security manager and APEM analyst determine
which threats are potential risks and estimate the potential damage
to the organization from successful attacks. The APEM analyst helps
the security manager tailor the risk assessment to specifically identify
the organization's concerns and the impact from the threats. The result
is a prioritized set of threats that reflect the organization's risks
and represent the most important security concerns.
PHASE 2—BENEFIT ANALYSIS
Benefit Analysis identifies which risk mitigation strategies are most
effective in the organization. The results of this phase can be used
to conduct cost/benefit analyses and compare alternative countermeasures
for threats.
PHASE 3—COVERAGE ANALYSIS
Coverage Analysis shows how well the organization's security countermeasures
provide for defense in depth against selected threats. The organization
can see how well the current security architecture protects against
the top threats and how new technologies fit into the overall security
architecture.
PHASE 4—SECURITY TRADEOFF ANALYSIS
Organizations select countermeasures based not only on effectiveness
and cost, but also on how well the technology fits into the organization's
culture and how it affects productivity. Factors such as complexity
and maintenance may also influence the selection of security
technologies before they are purchased.
Security Tradeoff Analysis is an optional phase that shows security
managers how to identify the important selection criteria and allows
them to compare alternatives based on these criteria.
Gain a better perspective on how to allocate your organization’s
resources with APEM™.
Contact MSB today.