MIGRA Tool
Tool Identity Card
General information
Basic information to identify the product
Tool name : MIGRA Tool
Vendor name : AMTEC/Elsag Datamat S.p.A.
Country of origin : Italy
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage : Local
Supported by organization, club,... (e.g. as sponsor) : N/A
Brief description of the product
Give a brief description of the product containing general information, overview of functions…
-
“MIGRA Tool” is a web application based on the MIGRA methodology (Metodologia Integrata per la Gestione del Rischio Aziendale). It is designed to support security officers (SO) during the whole process of designing and maintaining an effective and cost effective protection system, with reference to both information and tangible assets security. In fact, when adopted, it becomes the core of the organisation Security Management System (SMS), providing the data necessary to make informed decisions about which actions to take, to justify these decisions and to understand their consequences. Functions are provided to perform actions such as:
- generating a model of the organisation suitable for security analysis
- assessing the adequacy and effectiveness of security measures vs. threats and normative or organisational security policy requirements
- identifying and allocating security roles and responsibilities
- consolidating and sharing security know-how about both threats and countermeasures
- performing a qualitative risk analysis
- performing compliance analysis with reference to legislation, rules, standards or internal policies
- providing risk indicators
- performing what-if analysis
- producing management and operational reports
The tool consists of 5 major modules: - the knowledge base (providing full ISO 27001:2005 compliance) - the scenario modelling tool - the risk analysis and conformity engine - the what-if engine - the report generator engine.
One installation of the tool can be used to manage multiple companies. Multiple languages are supported (English and Italian currently available).
Supported functionality
Specify the functionality this tool provides.
R.A. Method phases supported
-
Risk identification : Yes
-
Risk analysis : Yes
- Risk Evaluation: Yes
Other phases
-
Asset Inventory : Yes
R.M. Method phases supported
-
Risk assessment: Yes
-
Risk treatment : Yes
-
Risk acceptance : Yes
- Risk communication : Yes
Other phases
-
Security perimeter modeling
- Compliance/gap management : The functionality is provided by the tool. The database currently supports ISO 27001:2005 standard and Italian privacy regulations.
- Threat/vulnerability analysis
Other functionality
-
N/A
Information processed
-
N/A
Lifecycle
Date of the first edition, date and number of actual version
Date of first release : June 2002, first release of a previous version of the tool (named Defender Manager)
Date and identification of the last version : December 2007, version 2.0
Useful links
Link for further information
Official web site : N/A
user group web site : N/A
Relevant web site : N/A
Languages
List the available languages that the tool supports
Languages available : Italian, English
Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)
-
Price : From 30K€ (depending on the size of the company or group of companies using the tool)
- Maintenance : 15% of the license price
Sectors with free availability or discounted price : N/A
Trial before purchase
Details regarding the evaluation period of the tool
CD or download available : N/A
Identification required : N/A
Trial period : N/A
Tool architecture
Specify the technologies used in this tool
-
Database : The database stores the knowledge base of the tool (threats, attacks, countermeasures, components for security perimeter modeling, etc.) and the scenario models created by the users.
- Web server : Presentation
- Application Server : Business logic
- Client : User interface based only on an Internet browser
Scope
Target public
Defines the most appropriate type of communities for this tool
-
Government, agencies
-
Large scale companies
Specific sector : N/A
Spread
Information concerning the spread of this tool
General information : N/A
Used inside EU countries : N/A
Used outside EU countries : N/A
Level of detail
Specify the target kind of people for this tool based on its functionality
Management : Risk indicators, what-if analysis, management reports, risk treatment.
Operational : Scenario modeling, asset and threat assessment risk and compliance assessment, operational reporting.
Technical : Countermeasures selection support.
Compliance to IT Standards
List the national or international standard this tool is compliant with
-
ISO27000 series
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
-
ISO27001:2005
Training
Information about possible training courses for this tool
Course : On request
Duration : 3 days
Skills : Previous experience in physical and logical security and risk management.
Users viewpoint
Skills needed
Specify the skills needed to use and maintain the solution
-
To install : Windows Server, IIS and SQL server system administrator skills
-
To use : MIGRA training course
-
To maintain : MIGRA training course
Tool Support
Specify the kind of support the company provides for this product
Support : Help desk MCC - MIGRA Competence Center (the service fee is 10% of the license price)
Organization processes integration
Describe user roles this tool supports
Supported Roles
-
N/A
Intergration in Organization activities
-
Security officers and any other role involved in security administration
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
-
N/A
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
-
N/A
Flexibility of tool's database
Can the database be customized and adapted to client requirements?
-
The tool provides a Knowledge Base Builder Module (KBB) that allows to edit, delete and add components, threats, attacks, countermeasures, etc.