CERTS: a comparative evaluation method for risk management methodologies and tools

The advent of decentralized computing and an increasingly important role for information as a resource has prompted the development of a variety of methods and tools for managing the risk exposure of a computer system. As a result of the diversity of risk management tools available, there is no effective means of determining which of the tools would be most suitable for any given organization's situation. A new technique is proposed to effectively and objectively evaluate these tools for suitability and to establish a means of comparison of the tools among each other.<<ETX>>