Published under Risk Management

Tool Identity Card

General information
Basic information to identify the product

Tool name : MIGRA Tool
Vendor name : AMTEC/Elsag Datamat S.p.A.
Country of origin : Italy

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : Local
Supported by organization, club,... (e.g. as sponsor) : N/A

Brief description of the product
Give a brief description of the product containing general information, overview of functions…

  • “MIGRA Tool” is a web application based on the MIGRA methodology (Metodologia Integrata per la Gestione del Rischio Aziendale). It is designed to support security officers (SO) during the whole process of designing and maintaining an effective and cost effective protection system, with reference to both information and tangible assets security. In fact, when adopted, it becomes the core of the organisation Security Management System (SMS), providing the data necessary to make informed decisions about which actions to take, to justify these decisions and to understand their consequences. Functions are provided to perform actions such as:
    - generating a model of the organisation suitable for security analysis
    - assessing the adequacy and effectiveness of security measures vs. threats and normative or organisational security policy requirements
    - identifying and allocating security roles and responsibilities
    - consolidating and sharing security know-how about both threats and countermeasures
    - performing a qualitative risk analysis
    - performing compliance analysis with reference to legislation, rules, standards or internal policies
    - providing risk indicators
    - performing what-if analysis
    - producing management and operational reports
    The tool consists of 5 major modules: - the knowledge base (providing full ISO 27001:2005 compliance) - the scenario modelling tool - the risk analysis and conformity engine - the what-if engine - the report generator engine.
    One installation of the tool can be used to manage multiple companies. Multiple languages are supported (English and Italian currently available).

Supported functionality
Specify the functionality this tool provides.

R.A. Method phases supported

  • Risk identification : Yes
  • Risk analysis : Yes
  • Risk Evaluation: Yes

Other phases

  • Asset Inventory : Yes

R.M. Method phases supported

  • Risk assessment: Yes
  • Risk treatment : Yes
  • Risk acceptance : Yes
  • Risk communication : Yes

Other phases

  • Security perimeter modeling
  • Compliance/gap management : The functionality is provided by the tool. The database currently supports ISO 27001:2005 standard and Italian privacy regulations.
  • Threat/vulnerability analysis

Other functionality

  • N/A

Information processed

  • N/A

Date of the first edition, date and number of actual version

Date of first release : June 2002, first release of a previous version of the tool (named Defender Manager)
Date and identification of the last version : December 2007, version 2.0

Useful links
Link for further information

Official web site : N/A
user group web site : N/A
Relevant web site : N/A

List the available languages that the tool supports

Languages available : Italian, English

Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)

  • Price : From 30K€ (depending on the size of the company or group of companies using the tool)
  • Maintenance : 15% of the license price

Sectors with free availability or discounted price : N/A

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : N/A
Identification required : N/A
Trial period : N/A

Tool architecture
Specify the technologies used in this tool

  • Database : The database stores the knowledge base of the tool (threats, attacks, countermeasures, components for security perimeter modeling, etc.) and the scenario models created by the users.
  • Web server : Presentation
  • Application Server : Business logic
  • Client : User interface based only on an Internet browser

Page top


Target public
Defines the most appropriate type of communities for this tool

  • Government, agencies
  • Large scale companies

Specific sector : N/A

Information concerning the spread of this tool

General information : N/A
Used inside EU countries : N/A
Used outside EU countries : N/A

Level of detail
Specify the target kind of people for this tool based on its functionality

Management : Risk indicators, what-if analysis, management reports, risk treatment.
Operational : Scenario modeling, asset and threat assessment risk and compliance assessment, operational reporting.
Technical : Countermeasures selection support.

Compliance to IT Standards
List the national or international standard this tool is compliant with

  • ISO27000 series

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • ISO27001:2005

Information about possible training courses for this tool

Course : On request
Duration : 3 days
Skills : Previous experience in physical and logical security and risk management.

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : Windows Server, IIS and SQL server system administrator skills
  • To use : MIGRA training course
  • To maintain : MIGRA training course

Tool Support
Specify the kind of support the company provides for this product

Support : Help desk MCC - MIGRA Competence Center (the service fee is 10% of the license price)

Organization processes integration
Describe user roles this tool supports

Supported Roles

  • N/A

Intergration in Organization activities

  • Security officers and any other role involved in security administration

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools


  • N/A

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • N/A

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • The tool provides a Knowledge Base Builder Module (KBB) that allows to edit, delete and add components, threats, attacks, countermeasures, etc.
Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies