The Monte Carlo method can also aid in other risk methodologies such as time-based analysis (Curtis et al., 2001). It further allows the determination of the range of possible outcomes and delivers a normalised distribution of probabilities for likelihood.
Combining stochastic techniques with Bayesian probability and complex time series analysis techniques such as Heteroscedastic mapping is mathematically complex, but can aid in situations where accuracy is crucial.
- A number of stochastic techniques have been developed to aid in the risk management process.
- These are based on complex mathematical models that use stochastically generated random values to compute likelihood and other ratios for our analysis model.
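
As an added illustration (not part of the original post and not taken from any of the tools discussed below), this Python example runs a Monte Carlo simulation over a small risk register: each trial year draws whether each risk occurs and, if so, a loss from a triangular distribution, which yields the range of outcomes and a probability histogram. The risk names, probabilities and loss figures are constructed for the example.

```python
import random
import statistics

# Constructed risk register (illustrative values, not from the post):
# name -> (annual probability of occurrence, (low, most likely, high) loss)
RISKS = {
    "laptop theft":    (0.30, (2_000, 5_000, 20_000)),
    "web defacement":  (0.10, (5_000, 15_000, 60_000)),
    "database breach": (0.02, (100_000, 400_000, 2_000_000)),
}

def simulate(trials=20_000, seed=1, risks=RISKS):
    """Return the sorted simulated annual loss for each trial year."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    losses = []
    for _ in range(trials):
        total = 0.0
        for p, (low, mode, high) in risks.values():
            if rng.random() < p:  # does this risk occur this year?
                total += rng.triangular(low, high, mode)  # if so, its cost
        losses.append(total)
    return sorted(losses)

def summarise(losses):
    """Range of outcomes: mean, percentiles, and chance of a loss-free year."""
    n = len(losses)
    pct = lambda q: losses[min(n - 1, int(q * n))]
    return {
        "mean": statistics.fmean(losses),
        "p50": pct(0.50), "p90": pct(0.90), "p99": pct(0.99),
        "max": losses[-1],
        "p_no_loss": sum(1 for x in losses if x == 0) / n,
    }

def histogram(losses, edges=(0, 1, 10_000, 50_000, 250_000, 1_000_000)):
    """Fraction of trials whose loss falls in the bin starting at each edge."""
    counts = dict.fromkeys(edges, 0)
    for x in losses:
        counts[max(e for e in edges if e <= x)] += 1
    return {e: c / len(losses) for e, c in counts.items()}

if __name__ == "__main__":
    losses = simulate()
    for k, v in summarise(losses).items():
        print(f"{k:>10}: {v:,.2f}")
    for edge, frac in histogram(losses).items():
        print(f">= {edge:>9,}: {frac:.3%}")
```

The median year shows no loss while the mean and the 99th percentile are driven by the rare, expensive event, which is the spread a single point estimate of likelihood times impact hides.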
Some existing tools for risk analysis
Crystal Ball is a simple Monte Carlo simulation/analysis product. It uses tornado analysis and Latin hypercube sampling. Crystal Ball is one of the simpler stochastic risk analysis tools available.
Risk+ is designed for performing schedule risk analysis. It is a simple time-based analysis system used to identify potential faults in a fault tree style. Risk+ uses Monte Carlo simulations to determine likelihood. This enables the product to demonstrate a possible cost by using the resource allocation values that it has created through a cost histogram. This probability histogram is based on stochastically determined outcomes.
Cobra is particularly useful for organisations that use ISO 17799 as a security model. It is used to measure the ISMS of the organisation against the 10 core controls of ISO 17799. Cobra uses a cost justification model based on cost-benefit analysis. Cobra integrates a risk dynamics based approach to knowledge-based questionnaires. In my opinion, it offers little value when the cost is taken into account.
Octave is one of the leading risk methodologies. It is a little vague in places and too qualitative for my tastes.
Risk Management and IT Governance
- The need for a corporate governance framework
- The need for an internal control framework
- The relationship between governance, the internal control framework and risk management
- COSO & COBIT® - The background
More on these next time.