The risk assessment tool was originally designed according to the ISO/IEC 27005 Standard, giving organizations an organized method to assess the security risks to their information and assets. The 2013 revision of ISO/IEC 27001 allows risks to be identified using any methodology you like; however, the old methodology (defined by the 2005 revision of ISO 27001), which requires identification of assets, threats and vulnerabilities, still dominates.
In RM Studio, risk identification is the easiest part of the risk assessment process because it is done automatically for you, provided you have set up the Asset Registry correctly.
The next step, evaluation, is assessing the impact and likelihood of realized threats and vulnerabilities.
Included in RM Studio:
- Asset management
- Risk to Control mapping
- Threat & Vulnerability library
- CIA evaluation
The risk management application provides a systematic approach to completing repeatable, traceable and transparent risk assessments and risk treatment plans. It ensures your team employs the same methodology throughout the risk management process, while organizing and structuring the compliance efforts. The Risk Assessment tool provides organized CIA evaluation templates for assets and threats, as well as the ability to create custom evaluation templates, further tailoring the process to your organization’s specific needs.
The Risk Assessment makes the Asset evaluation process simple. When you connect the Assets you create in the Asset Registry to Asset Categories, the relationship to the Threats is established automatically. Once you have selected the Assets for the Risk Assessment, all you need to do is evaluate the confidentiality, integrity, availability and value of each asset. Custom Asset evaluation templates can be created to meet the unique needs of your organization.
RM Studio comes equipped with a Threat Library of 149 Threats and Vulnerabilities, which are automatically linked to Asset Categories. You can create or delete Threats in the Library, further tailoring the Assessment tool to your unique organization. The Risk Assessment combines the relationship of the Threats to each of your Assets, providing individual Risks associated
Standards and Controls:
RM Studio includes the ISO/IEC 27001:2013 Standard and the ISO/IEC 27002:2013 Code of practice for information security controls, embedded and mapped in the assessment module. Additional International Standards, such as PCI DSS 3.0, can be added to your license and deployed along with ISO/IEC 27001. Another excellent feature is the ability to deploy your enterprise-specific Standards and Controls for use alongside the other International Standards.