Please note that COBRA is currently under re-development/enhancement and not presently available for purchase. We will update
this site when development is complete.
Some years ago C&A Systems Security Ltd launched Release 1 of a
security risk analysis product which was to change the conventional approach to
risk management. The product, COBRA, not only provided a unique business type
interface, but enabled security risk assessment to be undertaken by
organizations themselves, without the need to employ expensive outside
Since then, COBRA has evolved and expanded, BUT has continued to embrace
these key usability principles. It has also embraced the functionality to optionally deliver other security
services, such as checking compliance with the ISO 17799 security standard, or
with an organizations own security policies.
The net result is a product which is proving invaluable in delivering
security risk analysis and other key security services in countless
organizations across the globe.
The New Era In Security Risk Management
It is now widely accepted that IT security is a business issue. Equally, it is
largely expected that security reviews will be business related, with cost
justified solutions and recommendations.
In addition, as organizations seek a better and more visible return on their
security budgets, many adopt new approaches to the traditional constraints of
lack of expertise, time and finance.
Often, a formal risk analysis or risk assessment technique is employed.
However, conventional methods and tools simply do not address the new demands
placed by business management. Some go part of the way, but tend to introduce
their own drawbacks and difficulties.
To tackle these problems, an entirely new methodology had to be developed.
This followed years of research and was produced in full co-operation with one
of the worlds major financial institutions.
It was recognized that business users should be involved from the outset.
This carries a number of advantages, and shapes the entire review. In addition,
a number of other radical departures were called for. The result was a risk
analysis methodology and tool that meets the most stringent of requirements,
fully satisfying the changing demands placed upon the security or audit team.
The following pages will examine: