RM Studio 3.0.1 was released on March 11th 2011.

Release notes for RM Studio patch 3.0.1

The following list summarizes the features and bug fixes released with this
version Risk Management Studio:

1. Performance
     1.1. RM Studio’s performance has been greatly increased when working with very large sets of data.
2. In Grid Editing
     2.1. Multi row editing is now available for certain columns in Asset, Assessment, Gap Analysis, and Risk Treatment. This should decrease the time it takes for large sets of data to be properly edited and signed values.
     2.2. All columns that have a finite number of available values can now have their values changed directly in their lists/grid
     2.3. All columns that have a finite number of available values can now be modified for multiple rows at once. This is accomplished by selecting the desired rows and using the context menu (right click) to assign a new value.
3. Running RM Studio as Administrator
     3.1. More modifications have been made to remove the need to run RMStudio to register license keys and save data base connection information.
4. 3rd party software have been updated so that .Net 3.5, and Windows installer 3.1 are no longer required to install and run RM Studio.
5. Evaluation Template and 3.0 upgrade issues.
     5.1. A bug that was introduced when users upgraded their databases to 3.0 has been fixed.
     5.2. This issue presented itself firstly with the swapping of the Template Factors Availability” and “Vulnerability of an Asset” in the default Threat and Asset Evaluation Templates.
     5.3. Due to this mismatch evaluation columns in Assessment could be seen in the wrong order as well as containing the wrong values.
     5.4. Users who installed 3.0 fresh (i.e: did not upgrade from 2.3) will not have encountered this issue.
     5.5. The fix restores the Evaluation Templates to their proper state and fixes all incorrect data remaining from 2.3

RM Studio version 3.0 was released on January 7th 2011.

The following list summarizes the features and bug fixes released with this version of Risk Management Studio:

• A number of readymade Standards are now available for purchase and use
• Each Standard comes with the ability to reset its individual data or redeploy that data to the database at any time.
• Any future updates to these Standards will be easily upgradable.
• The Standards currently available are:

 

ISO/IEC 27001:2005 Annex A with implementation guidance from ISO/IEC 27002:2005
ISO/IEC 27001:2005 Annex A with implementation guidance from ISO/IEC 27011
ISO/IEC 27001:2005 – Information security management systems - Requirements
ISO 14001:2004 – Environmental management system
ISO 9001:2008 – Quality management system
WLA-SCS:2006 World Lottery Standard
PCI DSS – Payment Card Industry (PCI) Data Security Standard
BS 25999-2:2007 Business continuity management – Part 2

More Standards may become available in the future or upon request.

• Standards are now available in individual languages (for those translated) based on a user's needs.
• Risk Treatment has received a lot of attention regarding the overall workings as well as bug fixes.
• The average of Current and Future Security Risk for each Asset within a Risk Treatment is now displayed
• The Reload button has been overhauled and should work in a comprehensive and more useful way.
• Many other smaller issues have also been addressed.
• Encryption for the configuration file containing the database connection strings has been altered to no longer require the RSA container. This should remove the permission issues some users were facing.
• Three new reports, both local and server, have been added:
• Gap Analysis – Results
• Controls with Assets
• Risks with Controls (Local version only)
• Default Threat, Category, Evaluation Template, and Threat Category data can now be individually reset based on a user's needs.
• Entities (Business Entity, Asset, Threat, and Standard) have been moved to the top of the menu tree to facilitate a more intuitive feel to the flow of the program.
• Threats are now displayed and capable of being grouped by Package (Standard). This will become useful as more Standards that include their own Threat information become available.
• The License window now properly shows all available features.
• Administrators no longer require the old password of a user to change it.
• It is now mandatory to assign Assets owners, any Asset with no owner will no longer be available to add to a Risk Assessment.