X RAM © - Cross System Risk & Audit Method

Flack Fest


XRAM involves risk assessment activities common to most risk assessment methods, namely:
  • Definition of the Security Scope of the System
  • Business Impact Assessment (BIA) of the system's Information Assets
  • Definition of the applicable risk areas
  • An impact assessment using threat and vulnerability questions
  • Calculation of Measure of Risk (MoR) ratings for all applicable risk areas (in terms of confidentiality, integrity and availability)
  • Identification of countermeasures used to counter identified risks, including an associated MoR to prioritise treatment of that risk

XRAM distinguishes itself from other risk assessment methods and tools through its:
  • Provision of template and example documents needed to perform a risk assessment (Scope of System Security, BIA, Risk Report)
  • Ability to tailor source information relating to BIA, Risk Areas, Threat/Vulnerability Questions, Countermeasures and mappings between them
  • Ease of sharing of common elements between different risk assessments (e.g. BIA profiles, Threat/Vulnerability profiles)
  • Use of current, well understood, standard browser interfaces to access functionality and information (e.g. Internet Explorer, Firefox, Chrome)

XRAM is a risk assessment tool compliant with the ISO/IEC 27005 risk standard. By default the tool is populated with material drawn from ISO/IEC 27000, as follows:

Modification of the above items and associated mappings allows XRAM to be tailored to an organisation's specific circumstances (such as countermeasures drawn directly from an organisation's security policy processes/procedures) while still retaining ISO/IEC 27000 consistency. Hence XRAM can be used purely with its default source material or modified to suit organisation-specific environments.

XRAM provides the ability to produce Microsoft Word template Risk Reports. XRAM writes the various risk assessment tables and results into a Word document. This can be further populated and formatted as necessary. Since bookmarks are used to identify locations in the document to place information, risk reports can be automatically updated with new risk information without the need to rewrite/reformat the whole document.

Use of common browser interfaces ensures that integrated functionality such as spell checking, remembered recent fields, and multiple tabs/windows is available in a consistent way understood by all users.

Follow this link for XRAM contact information.