Information Security Risk Management

The Information Security Risk Management Process with RM Studio

The RM Studio: Assessment and Treatment Module guides you through the Risk Assessment, Gap Analysis, and Risk Treatment process for your organization as described in ISO 27001.

Establishing the Risk Management Context
Prior to starting the risk management steps, RM Studio guides you through the Business Entity, Asset, and Threat Identification process. RM Studio comes equipped with a Threat Library of nearly 150 unique Threats specific to information security risk management. Further, RM Studio automatically links Assets, Threats, and ISO 27001 Mitigating Controls through RM Studio’s Category feature. This feature removes the guesswork and saves you time in the risk management process.

Information Security Risk Assessment with RM Studio
RM Studio comes equipped with Asset and Threat Evaluation Templates based on ISO 27005. Utilizing the Categories feature, RM Studio automatically links Threats to your organization’s Assets, increasing the efficiency and effectiveness of the Risk Assessment process.

ISO 27001 Gap Analysis with RM Studio
With RM Studio’s Gap Analysis process you can assess your organization’s level of compliance with ISO 27001 at any time. Further, the ISO 27001 Gap Analysis results can be carried over to the Risk Treatment phase in RM Studio, simplifying the entire risk management process.

Information Security Risk Treatment in RM Studio
RM Studio automatically combines your Risk Assessment and Gap Analysis results to assist in the development of a Risk Treatment Plan. RM Studio presents you with the security risk levels of Assets and associated Threats, allowing for you to make informed decision in developing your Risk Treatment Plan.

Reports and Other Functionalities of RM Studio

RM Studio is equipped with a reporting function, allowing you to communicate the results of the risk management process to stakeholders. RM Studio has 12 unique reports, including the Statement of Applicability (reviewed in the ISO 27001 certification and audit process), your Risk Treatment Plan, and an Executive Summary of your information security risk management program. RM Studio is customizable, allowing users to create and remove Threats, Categories, Mitigating Controls, and Evaluation Criteria. RM Studio has a copy function that allows you to copy previous Risk Assessments, Gap Analysis, and Risk Treatment Plans, simplifying the update process of these items throughout the life cycle of your risk management program.