Proteus
Tool Identity Card
General information
Basic information to identify the product
Tool name : Proteus
Vendor name : Infogov (Information Governance Limited)
Country of origin : United Kingdom
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage : World-Wide (State oriented)
Supported by organization, club,... (e.g. as sponsor) : British Standards Institution (BSI) - Information Security Forum (ISF) - Holistic Information Security Practitioner Institute (HISP institute)
Brief description of the product
Give a brief description of the product containing general information, overview of functions…
-
Proteus Enterprise is a comprehensive web server based compliance, information security and risk management, and Corporate Governance tool developed by Information Governance Ltd. The entire range of Proteus products, and its preceding versions, have been branded and distributed by the British Standards Institution since 1995, although most enterprise level sales are direct via Information Governance Ltd and its global distribution network managed by Veridion Inc., Canada. Proteus allows organizations to implement the controls of any standard or regulation, e.g. BS ISO/IEC 17799 and BS ISO/IEC 27001, BS 25999, SOX, CobiT, PCI DSS etc.
Supported functionality
Specify the functionality this tool provides.
R.A. Method phases supported
-
Risk identification : Both Qualitative and Quantative Risk Assessment techniques supported. Both being fully integrated with Asset Management, Threats, Countermeasures, Risk Treatment Plans and Incident Management
- Risk analysis : Relative and Absolute risk scales can be used to adapt to corporate ‘risk appetite’.
-
Risk evaluation : 5 types: Physical, Information, Service, Application and Group (combination) Assets are supported. Threats can be automatically inherited via asset relationships, location and asset profile
Other phases
-
Asset inventory & evaluation : Supported by location but cross-referenced across an entire, multi-national or distributed, organisation. External, open interface, to import data and to integrate with third part applications such as network scanning and penetration testing applications.
R.M. Method phases supported
-
Risk assessment : 5 stage generic process, easily mapped to BS ISO 27001, IRAM or other methodologies
-
Risk treatment : ‘Action Plans’ are fully integrated with Compliance, Risk Assessment, Business Impact Analysis, Business Continuity and Incident Management.
-
Risk acceptance : Full audit trail of ALL system changes. Every process is automatically captured as a time stamped PDF, and full sign-off & acceptance is supported via email and workflow management.
-
Risk communication : Every aspect of the system can be reported or viewed by ‘secure’ PDFs, fully customisable Business Objects reporting, and via the optional Proteus RiskView™ management information graphical ‘dashboard’
Other phases
-
N/A
Other functionality
-
Document Management
-
Business Continuity
-
Remote auditing: Distribute questionnaires
-
Incident Management
-
Automated Alert MAnagement (SMS and email) : Incidents can be captured via custom intranet Portal pages and automated alerts (by SMS of email) sent to relevant individuals according to the affected (or potentially affected) assets and business processes.
Information processed
-
Global Views : Compliance status, Financial Exposure, Threats, Incidents etc.
-
Compliance : Documentation (Policies, procedures, evidence, testing) and Corrective Actions.
-
Assets : Related Controls and Tasks.
-
Incident Management : Analysed by incident type and/or losses, with identified control failures and related assets
-
Business Impact : Processes by Risk or with Assets affected by Incidents
-
Business Continuity : Critical process exposures
-
Risk Analysis : Threat Exposure
-
Action Plans : Task Summary
-
Incidents : Event types and losses
-
Document Control : Review Status
Lifecycle
Date of the first edition, date and number of actual version
Date of first release : March 1995 - CoP-iT, original Compliance 'gap analysis' tool, launched concurrently with BS7799:1995
Date and identification of the last version : June 2007 - Proteus Alert Management™ (P.A.M.) Fully integrated automated alert management linked to custom client intranet web ‘portal’ pages for Incident capture.
Useful links
Link for further information
Official web site : http://www.infogov.co.uk
user group web site : N/A
Relevant web site :http://www.veridion.net - http://www.bsi-global.co.uk - http://www.hispi.org
Languages
List the available languages that the tool supports
Languages available : English - french - Spanish - Japanese - Chinese
Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)
-
Proteus Solo :599 £/year
-
Proteus Professional :6000 £/year or 600 £/month
-
Proteus Enterprise : p.o.a
Sectors with free availability or discounted price : N/A
Trial before purchase
Details regarding the evaluation period of the tool
CD or download available : 1.Webex Demo or Evaluation by request - 2.Pilot Project p.o.a.
Identification required : N/A
Trial period : N/A
Tool architecture
Specify the technologies used in this tool
-
Database : MS SQL
-
Web server : IIS or Apache
-
Application Server : PHP
-
Client : I.E., Firefox etc.
Scope
Target public
Defines the most appropriate type of communities for this tool
-
Government, Agencies
-
Large scale companies
-
SME
Specific sector : Finance, TelCo, Pharmaceutical, Retail, Government
Spread
Information concerning the spread of this tool
General information : World-wide in many different organizations
Used inside EU countries : N/A
Used outside EU countries : N/A
Level of detail
Specify the target kind of people for this tool based on its functionality
Management : yes
Operational : yes
Technical : N/A
Compliance to IT Standards
List the national or international standard this tool is compliant with
-
BS ISO 17799 & 27001 : Licensed by BSI
-
BS 25999 : Licensed by BSI
-
SoGP : Licensed by ISF
-
PCI DSS
-
SOX
-
Many Others
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
-
BS ISO 27001
Training
Information about possible training courses for this tool
Course : Proteus Enterprise
Duration : 2 Days
skills : InfoSec
Expenses : Public courses free of charge
Course : Holistic Information Security Practitioner
Duration : 5 Days
Skills : H.I.S.P.
Expenses : £1,500
Users viewpoint
Skills needed
Specify the skills needed to use and maintain the solution
-
To install : Web & Database Servers, Business Objects on own server, or can be hosted on InfoGov secure servers
-
To use : Standard web Browser
-
To maintain : Standard web Browser
Tool Support
Specify the kind of support the company provides for this product
Support : Telephone, email (Local Language support by International Distributors)
Organization processes integration
Describe user roles this tool supports
Supported Roles
-
N/A
Intergration in Organization activities
-
N/A
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
- Integration Method
- Active directory
- Single Sign-on
- External Network Audit : API
- External ERP : API
- External Bespoke : Database Replication / Synchronisation
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
-
Full Authoring Facilities included
Flexibility of tool's database
Can the database be customized and adapted to client requirements?
-
Fully Customisable : Supports multi-languages, menu and forms customisation
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...