Published under Risk Management

Product identity card

General information
Basic information to identify the product

Method or tool name : MIGRA
Vendor name : AMTEC/Elsag Datamat S.p.A.
Country of origin : Italy

Level of reference of the product
Details about the type of initiator of the product

Private sector organisation / association : Yes
Public / government organization : Yes

Specify the phases this method supports and a short description

R.A. Method phases supported

  • Risk identification
  • Risk analysis stakes
  • Risk evaluation

R.M. Method phases supported

  • Risk assessment
  • Risk treatment
  • Risk acceptance
  • Risk communication

International standard : N/A

Brief description of the product

  • MIGRA (Metodologia Integrata per la Gestione del Rischio Aziendale) is a qualitative risk assessment and management methodology suitable to deal with both information and tangible assets risks. The methodology provides an analysis framework based on the classical vision of risk as a multidimensional entity depending on the answers to three questions: a) what could go wrong? b) how likely is it to go wrong? c) given that it happens, what are the consequences? In line with this vision, MIGRA defines:
    • a security and risk taxonomy for the two considered domains (information and tangible assets);
    • a logical framework for generating a model of the security perimeter to be analyzed;
    • an algorithm (based on questionnaires) for assessing, on a four level qualitative scale (High, Medium, Low, Negligible/Not applicable), the value of both information and tangible assets relevant to the above perimeter;
    • a scheme for performing threat and vulnerability analysis;
    • a procedure for calculating (on a qualitative scale) risk;
    • a mechanism to identify in every scenario a set of appropriate security measures;
    • a procedure to perform gap and compliance analysis with reference to corporate security policies, norms, standards, guidelines and best practices
    Unlike other methodologies, MIGRA forces and helps the analyst to precisely put in relationship threats, attacks, security measures and components of the security perimeter. In this way, the methodology allows to clearly understand the consequences (in terms of risks and costs) of deciding to implement or not implement every security measure.

Date of the first edition, date and number of actual version

Date of first release : June 1999, first release of a previous version of the methodology (named Defender)
Date and identification of the last version : September 2006, version 2.1

Useful links
Link for further information

Official web site : N/A
User group web site : N/A
Relevant web site : N/A

List the available languages that the tool supports

Availability in European languages : Italian, English

Specify the price for the method

  • Price: Sold as part of security consultancy services

Page top


Target organisations
Defines the most appropriate type of organisations the product aims at

  • Government, agencies
  • Large companies

Specific sector : N/A

Geographical spread
Information concerning the spread of this tool

Used in EU member states : Yes
Used in non-EU member states : No

Level of detail
Specify the target kind of users

  • Management
  • Operational
  • Technical

License and certification scheme
Specify the licensing and certification schemes available for this method

Recognized licensing scheme : N/A
Existing certification scheme : N/A

Page top

Users viewpoint

Skills needed
Specify the level of skills needed to use and maintain the solution

  • To introduce : Basic knowledge on physical and logical security
  • To use : Specialist
  • To maintain : Specialist

Consultancy support
Specify the kind of support available

Consultancy : Company specific

Regulatory compliance
There is a given compliance of the product with international regulations

  • Italian privacy regulation

Compliance to IT standards
There is a compliance with a national or international standard

  • ISO27000 series

Trial before purchase
Details regarding the evaluation period (if any) before purchase of the product.

  • N/A

Maturity level of the Information system
The product gives a means of measurement for the maturity of the information system security

It is possible to measure the I.S.S. maturity level : No

Tools supporting the method
List of tools that support the product

Non commercial tools

  • N/A

Commercial tools

Technical integration of available tools
Particular supporting tools (see C-7) can be integrated with other tools

Tools can be integrated with other tools : No

Organisation processes integration
The method provides interfaces to existing processes within the organisation

Method provides interfaces to other organisational processes : No

Flexible knowledge databases
It is possible to adapt a knowledge database specific to the activity domain of the company.

Method allows use of sector adapted databases : Yes

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies