Main Nav

Hi everyone,  I am curious what you are using for risk assessments.  We have developed a guide with a step-by-step process for completing risk assessments.  Our process includes documenting compliance with controls that are associated with threat/vulnerability pairs as well as likelihood and impact assessments.  Unfortunately we aren't using a tool that does a good job for aggregating or correlating data.  Does anyone have a cost effective solution for performing risk assessments, or is anyone willing to share what they have developed? 
John Forker
Chief Information Security Officer
University of Maine System
(207) 973-3293