XRAM is a risk assessment tool compliant with the ISO/IEC 27005 risk standard. By default the tool is populated with material drawn from ISO/IEC 27000, as follows:
- Business Impact Areas: ISO/IEC 27005, Annex B
- Potential applicable areas of risk: ISO/IEC 27005, Annex C (typical threats)
- Set of countermeasures used to address identified risk areas: ISO/IEC 27001, Annex A Control Objectives
- Threat/Vulnerability Questions drawn from extensive risk assessment experience and targeted at the risk areas identified from ISO/IEC 27005
Modification of the above items and associated mappings allows XRAM to be tailored to an organisation's specific circumstances (such as countermeasures drawn directly from an organisation's security policy processes/procedures) while still retaining ISO/IEC 27000 consistency. Hence XRAM can be used purely with its default source material or modified to suit organisation-specific environments.
XRAM provides the ability to produce Microsoft Word template Risk Reports. XRAM writes the various risk assessment tables and results into a Word document. This can be further populated and formatted as necessary. Since bookmarks are used to identify locations in the document to place information, risk reports can be automatically updated with new risk information without the need to rewrite/reformat the whole document.
Use of common browser interfaces ensures that integrated functionality such as spell checking, remembered recent fields, and multiple tabs/windows is available in a consistent way understood by all users.
Follow this link for XRAM contact information.