• Overview|
• Capabilities|
• Downloads|
• Contact us|
• Training|
• Support

• Home|
• Site map|
• Help

• Latest news
• Risk assessment
• Business continuity
• ISO 27001 compliance
• GLBA/HIPAA compliance
• Controls database
• Documentation
• Consultancy

Risk assessment tool

CRAMM includes a comprehensive range of risk assessment tools that are fully compliant with ISO 27001and which address tasks such as:

• Asset dependency modelling
• Business impact assessment
• Identifying and assessing threats and vulnerabilities
• Assessing levels of risk
• Identifying required and justified controls on the basis of the risk assessment.

A flexible approach to risk assessment

CRAMM's risk assessment tools can be used to answer single questions, to look at organisations, processes, applications and systems or to investigate complete infrastructures or organisations. Users have the option of a rapid risk assessment tool or a full, more rigorous, analysis.

The risk assessment tools are extremely flexible and allow you to explore different issues and answer many different questions. Example include:

• Determining if there is a requirement for specific controls, eg. strong authentication, encryption, power protection or hardware redundancy
• Identify the security functionality required for a new application
• Developing the security requirements for an outsourcing or managed service agreement
• Review the requirements for physical and environmental security at a new site
• Examine the implications of allowing users to connect to the Internet
• Demonstrate compliance with legislation such as the Data Protection Act
• Develop a security policy for a new system
• Audit the suitability and status of security controls on an existing system
• Demonstrate to an ISO 27001 auditor that a 'ISO 27001-compliant' risk assessment has been undertaken and that appropriate security controls have been identified

Evaluating the findings

CRAMM contains a variety of tools to help evaluate the findings of a risk assessment including:

• Determining the relative priority of controls
• Recording the estimated costs of implementing the controls
• Modelling changes to the risk assessment, using 'what-if?' calculations
• Back-tracking through the risk assessment to show the justification for specific controls.

More on risk management

Download our range of datasheets and white papers describing risk management.

• Managing Risk Across Your Organisation

• Identity Theft
• Telecom Fraud
• Shooting Phish in a Barrel

Training courses

View our current range of management and practitioner training courses.

• Training courses