Category:GARAP

From SARMA Common Knowledge Base Project

The primary focus of the Generally-Accepted Risk Assessment Principles (GARAP) project is to identify and promote best practices in the industry, leading to the eventual convergence of divergent security risk assessment methods nationwide. Through the identification and promulgation of generally accepted principles, SARMA hopes to bring rigor and standardization to the process of assessing security risks, while increasing decision-maker confidence in the outcome. SARMA’s GARAP Project is similar in concept to the successful approach used by the Financial Accounting Standards Board (FASB) in setting Generally Accepted Accounting Principles (GAAP) to guide the accounting industry.

Why do we need generally accepted principles for assessing security risk? Currently there are few, if any, documented best practices or widely recognized approaches for tackling many of the difficult issues involved with security risk analysis. The lack of best practices has historically resulted in duplication of efforts and wasteful spending across the federal government. SARMA believes that the creation of such a resource will represent a further critical step towards maturing the profession and its methods. By increasing the "interoperability" and "compare-ability" of risk analysis methods, duplication of federal efforts and wasteful spending may be reduced and security improved.

