Published under Risk Management

Product identity card

General information
Basic information to identify the product

Method or tool name : ISAMM
Vendor name : Telindus N.V.
Country of origin : Belgium

Level of reference of the product
Details about the type of initiator of the product

Private sector organisation / association : Yes

Specify the phases this method supports and a short description

R.A. Method phases supported

  • Risk identification
  • Risk analysis
  • Risk evaluation

R.M. Method phases supported

  • Risk assessment
  • Risk treatment
  • Risk acceptance
  • Risk communication

Brief description of the product

  • ISAMM or ‘Information Security Assessment & Monitoring Method’ is an ISMS supporting risk management method, with supporting tools. It has been designed and continually improved based on Telindus’ more than 20 years experience with thousands of information security – and risk management projects and tens of other risk management methods and tools. It is a quantitative type of risk management methodology where the assessed risks are expressed, through their Annual Loss Expectancy (ALE), in monetary units. ALE being the annual expected loss or cost should a threat or a group of threats being materialised.
    Annual Loss Expectancy (ALE) = [probability] x [average impact]
    This forms the basis for the Return On Investment (ROI) based approach and the economical justification capabilities of ISAMM with respect to the risk treatment plan. ISAMM allows showing and simulating the reducing effect on the risk ALE for each improvement control and to compare this with its cost of implementation.
    ISAMM’s efficiency allows performing sound risk assessment within minimal time and effort. In order to achieve this, most of our information security experience has been incorporated and made available for immediate reuse in each assessment. Telindus has also minimized the required steps in the assessment by using as many direct links to the ISO/IEC 27002 controls as possible. Also maximal support of the ISO/IEC 27001 ISMS standard was considered as a key requirement for ISAMM during its design and development.
    The latest evolution in the ISAMM methodology introduces an asset based approach which means it can be used to run risk assessments against an asset or a grouped set of assets.
    An ISAMM risk assessment contains 3 main parts: • scoping; • assessment - compliance and threats; • result – calculation and reporting.

Date of the first edition, date and number of actual version

Date of first release : 2002
Date and identification of the last version : N/A

Useful links
Link for further information

Official web site :
User group web site : N/A
Relevant web site : N/A

List the available languages that the tool supports

Availability in European languages : English

Specify the price for the method

  • N/A

Page top


Target organisations
Defines the most appropriate type of organisations the product aims at

  • Government, agencies
  • Large companies
  • SMEs
  • Commercial CIEs
  • Non commercial CIEs

Specific sector : N/A

Geographical spread
Information concerning the spread of this tool

Used in EU member states : BE, FR, DE, IR, IT, LU, PT, ES, NL, UK
Used in non-EU member states : CN, SE, CH, TH

Level of detail
Specify the target kind of users

  • Management
  • Operational

License and certification scheme
Specify the licensing and certification schemes available for this method

Recognized licensing scheme : No
Existing certification scheme : No

Page top

Users viewpoint

Skills needed
Specify the level of skills needed to use and maintain the solution

  • To introduce : Standard
  • To use : Standard
  • To maintain : Standard

Consultancy support
Specify the kind of support available

Consultancy : Telindus consultants

Regulatory compliance
There is a given compliance of the product with international regulations

  • Standard ISAMM verifies compliance with ISO/IEC 27002 but it can be engineered to comply to all kinds of standards, laws and regulations, proprietary policies…

Compliance to IT standards
There is a compliance with a national or international standard

  • Standard ISAMM verifies compliance with ISO/IEC 27002 but it can be engineered to comply to all kinds of standards, laws and regulations, proprietary policies…

Trial before purchase
Details regarding the evaluation period (if any) before purchase of the product.

Availability : N/A

Maturity level of the Information system
The product gives a means of measurement for the maturity of the information system security

It is possible to measure the I.S.S. maturity level : No

Tools supporting the method
List of tools that support the product

Non commercial tools

  • ISAMM Consultant tool

Commercial tools

  • ISAMM Client tool

Technical integration of available tools
Particular supporting tools (see C-7) can be integrated with other tools

Tools can be integrated with other tools : Export to spreadsheet possible

Organisation processes integration
The method provides interfaces to existing processes within the organisation

Method provides interfaces to other organisational processes : N/A

Flexible knowledge databases
It is possible to adapt a knowledge database specific to the activity domain of the company.

Method allows use of sector adapted databases : N/A

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies