Overview

Implementing an information security management system and keeping track of its activities can quickly become a complex and tedious task. A specialized tool may significantly improve the efficiency of such a system by combining all the necessary information in one place and making it available to those who need it. We are proud to present you with a risk analysis tool that can do that and a lot more.

Tool based on practice
The tool was originally developed as an aid in our consulting business and is based on good practice cases. Because it was primarily used for our own needs, it had to meet our requirements in terms of efficiency and usability. The resulting output is therefore treated as correct and dependable, which was one of the basic demands in the development of the tool.

Who is RAA intended for?
Whether you are an information security officer or a member of management, using our tool will benefit you and your organization. If you are the one responsible for performing risk assessment, you will have a powerful tool to maximize the results. You will be able to make detailed reports and provide all the necessary data to management, so that proper decisions can be made.

Methodology
Knowing the risks and incorporating a method for risk analysis are two key elements in assuring a safe information environment. Keeping up with the constant development of technology and performing the risk assessment itself, combined with the need for return on investment, are difficult tasks even for experts.

Achieving the intended level of information system protection varies from one environment to another and therefore requires a different approach in each. The tool's ability to adapt to various demands improves usability, so it suits both large and small organizations. ISO 27001 can be implemented faster, and with the help of clear and systematically gathered information you will always be prepared for internal and external revisions.

Risk Analysis and Management

Leaning on cases of good practice and a comprehensive approach to problem solving has resulted in the development of policies which in certain fields became new standards. Sarbanes-Oxley and Basel II, for instance, have each in their own field established certain rules that also apply to information systems security, and our tool meets them in full. With its updates, RAA can ensure that even imminent upcoming demands and challenges are dealt with accordingly, which achieves long-term stability and efficiency of the system and assures the organization's compliance and a safer future.

Initial goals for the development of the tool:

  • Multi-user environment
  • Centralized control and management
  • Working in browser (Internet Explorer, Firefox)
  • Synoptic user interface
  • Revision comparison (by all parameters)
  • Reports, based on controls, assets, threats
  • Visual representations (charts, diagrams)