Security Risk Analysis & Assessment, and ISO 27000 Compliance
THE SRM TOOLKIT
This is widely considered to be the ultimate toolset for security risk professionals.
It can now be viewed on its own dedicated website: www.risk.biz
The Leading Security Risk Analysis and ISO 27000 Compliance Tool
No two enterprises are the same, and neither are their security requirements. Risk Consultant will therefore dynamically generate questionnaires from 'knowledge base' modules that are specifically suited to the organization, environment and system under review.
Risk Consultant is designed to be truly self analytical. It can be used without the need for detailed security knowledge or expertise in using risk management software. There is no need to employ expensive consultants to 'back-up' the system.
A major design feature is the modularization of the Risk Consultant 'knowledge base' questionnaires. This enables modules to be targeted at personnel with the appropriate expertise and knowledge, and fully supports scheduling. For new developments, it also allows stage by stage assessment (design, development, acceptance testing and implementation).
The reports produced by Risk Consultant are NOT standard computer output. They are in the form of professional business reports and are suitable for interpretation by both technical and non-technical management.
Knowledge Base Customization
Through the separately shipped Module Manager component all elements of the knowledge base can be changed, including question modules, weightings, recommendations, and output assessment text. This facility is important where an organization wishes to alter the system to fit its own culture, or where a very specialist and possibly unique risk element has to be assessed.
What If ... ? Solution Testing
Risk Consultant fully supports 'hypothesis testing'. The impact that specific additional controls would have on the system's risk level can be dynamically ascertained.
On-line help is essential to enable full 'self analysis'. Risk Consultant provides help at both system level (to guide the user through the exercise) and question level (to offer further explanation when addressing complex areas).