X RAM © - Cross System Risk & Audit Method

XRAM - Cross System Risk and Audit Tool Information


XRAM involves risk assessment activities common to most risk assessment methods, namely:
  • Definition of the Security Scope of the System
  • Business Impact Assessment (BIA) of the system's Information Assets
  • Definition of the applicable risk areas
  • An impact assessment using threat and vulnerability questions
  • Calculation of Measure of Risk (MoR) ratings for all applicable risk areas (in terms of confidentiality, integrity and availability)
  • Identification of countermeasures used to counter identified risks, including an associated MoR to prioritise treatment of that risk

XRAM distinguishes itself from other risk assessment methods and tools through its
  • Provision of template and example documents needed to perform a risk assessment (Scope of System Security, BIA, Risk Report)
  • Ability to tailor source information relating to BIA, Risk Areas, Threat/Vulnerability Questions, Countermeasures and mappings between them
  • Ease of sharing of common elements between different risk assessments (e.g. BIA profiles, Threat/Vulnerability profiles)
  • Use of current, well understood, standard browser interfaces to access functionality and information (e.g. Internet Explorer, Firefox, Chrome)
XRAM is a risk assessment tool compliant with the ISO/IEC 27005 risk standard. By default the tool is populated with material drawn from ISO/IEC 27000, as follows:
Modification of the above items and associated mappings allows XRAM to be tailored to an organisation's specific circumstances (such as countermeasures drawn directly from an organisation's security policy processes/procedures) while still retaining ISO/IEC27000 consistency. Hence XRAM can be used purely with its default source material or modified to suit organisation-specific environments.

XRAM provides the ability to produce Microsoft Word template Risk Reports. XRAM writes the various risk assessment tables and results into a Word document. This can be further populated and formatted as necessary. Since bookmarks are used to identify locations in the document to place information, risk reports can be automatically updated with new risk information without the need to rewrite/reformat the whole document.

Use of common browser interfaces ensures that integrated functionality such as spell checking, remembered recent fields, multiple tabs/windows is available in a consistent way understood by all users.

Follow this link for XRAM contact information.