Marion
Product identity card
General information
Basic information to identify the product
Method or tool name : MARION: Méthodologie d'Analyse des Risques Informatiques et d'Optimisation par Niveau
Vendor name : CLUSIF
Country of origin : France
Level of reference of the product
Details about the type of initiator of the product
Private sector organisation / association : CLUSIF - Club de la Sécurité Informatique Français
Identification
Specify the phases this method supports and a short description
R.A. Method phases supported
-
Risk identification : There is a predefined set of 17 types of threats
-
Risk analysis : Each threat is used against each asset
-
Risk evaluation : Step 2 of MARION is the vulnerability assessment, Step 3 of MARION is the risk analysis and the evaluation of the risk
Brief description of the product
-
The method MARION (Methodology of Analysis of Computer Risks Directed by Levels) arises from the CLUSIF, http://www.clusif.asso.fr, and the last update was performed in 1998. It is based on a methodology of audit, which, as its name indicates, allows for estimating the level of IT security risks of a company through balanced questionnaires giving indicators in the form of notes on various subjects relative to security. The objective of the method is to obtain a vision of the company with regard to a level considered "correct", and on the other hand with regard to companies having already answered the same questionnaire. The level of security is estimated according to 27 indicators distributed in 6 large subjects, each of them assigns a grade between 0 and 4. The level 3 is the level to be reached to ensure a security considered as correct. At the conclusion of this analysis, a more detailed analysis of risk is carried out to identify the risks (threats and vulnerabilities) that face the company.
Note: The CLUSIF does not sponsor this method anymore, as MARION is replaced by MEHARI. However, MARION is still used by various companies
Lifecycle
Date of the first edition, date and number of actual version
Date of first release : 1990
Date and identification of the last version : 1998 (not maintained anymore)
Useful links
Link for further information
Official web site : http://www.clusif.asso.fr/en/clusif/present/
User group web site : N/A
Relevant web site : http://www.clusif.asso.fr/fr/production/catalog/index.asp
Languages
List the available languages that the tool supports
Availability in European languages : German
Price
Price unknown
-
Free
Scope
Target organisations
Defines the most appropriate type of organisations the product aims at
-
Large companies
Specific sector : N/A
Geographical spread
Information concerning the spread of this tool
Used in EU member states : France, Belgium, Luxembourg
Used in non-EU member states : Switzerland, Canada (Quebec)
Level of detail
Specify the target kind of users
-
Management
-
Operational
License and certification scheme
Specify the licensing and certification schemes available for this method
Recognized licensing scheme : No
Existing certification scheme : No
Users viewpoint
Skills needed
Specify the level of skills needed to use and maintain the solution
-
To introduce : Basic
-
To use : Standard
-
To maintain : Basic
Consultancy support
Specify the kind of support available
Consultancy : Open market
Regulatory compliance
There is a given compliance of the product with international regulations
-
N/A
Compliance to IT standards
There is a compliance with a national or international standard
-
N/A
Trial before purchase
Details regarding the evaluation period (if any) before purchase of the product.
Availability : No
Maturity level of the Information system
The product gives a means of measurement for the maturity of the information system security
It is possible to measure the I.S.S. maturity level : No
Tools supporting the method
List of tools that support the product
Non commercial tools
-
No
Commercial tools
-
MS Excel
Technical integration of available tools
Particular supporting tools (see C-7) can be integrated with other tools
Tools can be integrated with other tools : No
Organisation processes integration
The method provides interfaces to existing processes within the organisation
Method provides interfaces to other organisational processes : No
Flexible knowledge databases
It is possible to adapt a knowledge database specific to the activity domain of the company.
Method allows use of sector adapted databases : No