Risicare

Tool Identity Card

General information
Basic information to identify the product

Tool name : Risicare
Vendor name : BUC S.A.
Country of origin : France

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : World-wide
Supported by organization, club,... (e.g. as sponsor) : Referenced by CLUSIF

Brief description of the product
Give a brief description of the product containing general information, overview of functionsâ€¦

Risicare assists the information risk analysis and management actions in support of MEHARI Risk Model, options and formulas developed by CLUSIF. The functions of Risicare simulate real-world conditions and test multiple "what if" threat situations or scenarios. As a result, Risicare can be considered additionally as a risk modelling software. Moreover, Risicare allows the management of an ISMS and uses a set of control points which includes those of ISO 27002.

Supported functionality
Specify the functionality this tool provides.

R.A. Method phases supported

Risk identification : Risicare considers the combination of stakes analysis, asset classification, vulnerability analysis and risk situations study to identify risks in accordance with MEHARI method.
Risk analysis : The approach used by Risicare is based on a comprehensive threat situation knowledge base and automated procedures for the evaluation of risk reduction factors.
Risk evaluation : Risicare alleviates the user from having to make calculations and provides a measure of the seriousness of the risk (with a combination of the potentiality and impact).

Other phases

R. A. is automatically included into the R.M. capability of Risicare.
Environment and context : Risicare integrates the results of the business stakes and processes study and the cartography of the contributing assets for information handling. Expression of security requirements: additional inputs such as potentiality and impact of the risk situations are issued from interviews with the business stake holders.

R.M. Method phases supported

Risk assessment : Risicare analyses multiple threat situations (with a set of scenarios) to determine the seriousness of each risk for each attribute (such as A, l or C) of the assets and to pin-point the most serious for the organization.
Risk treatment : Risicare provides simulations and optimization to select those security measures which mitigate each vital or unacceptable risk.
Risk acceptance :
Risk communication : Risicare displays prioritized asset protections required and security controls from the audit results, additional charts provide compliance measurement for the organization (e.g. according to ISO 27002). From these results, Risicare allows to select additional security measures, organizational and/or technical and to integrate them into short and long term plans.

Other phases

Risk acceptance: Risicare displays currently less serious risks that may be revised in the future.

Other functionality

Risicare may display the risk reduction phases based on the planned improvements and the target dates for their achievements.

Information processed

For each phase, Risicare generates:
- a detailed report
- many grids of results
- customizable Charts
- short and long term security plans

Lifecycle
Date of the first edition, date and number of actual version

Date of first release : 1998
Date and identification of the last version : April 2007 - v6.0

Useful links
Link for further information

Official web site : http://www.risicare.fr
User group web site : http://www.clusif.asso.fr/en/clusif/present/
Relevant web site : N/A

Languages
List the available languages that the tool supports

Languages available : French, English

Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)

Free : No
Licence price: Contact BUC SA
Maintenance price: yearly fee, 15% of license price.

Sectors with free availability or discounted price :

Discounted price for Education

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : CD
Identification required : Yes
Trial period : -

Tool architecture
Specify the technologies used in this tool

Database: Risicare is a stand alone application requiring a single installation and uses files originated from MEHARI knowledge bases.
Host operating system: Windows (2000, XP, Vista)

Page top

Scope

Target public
Defines the most appropriate type of communities for this tool

Any type of company and organization
Governmental and regional agencies

Specific sector : Risicare is especially used in large companies and Governmental and regional agencies.

Spread
Information concerning the spread of this tool

General information : The spread of the product is worldwide
Used inside EU countries : France, Belgium, Luxembourg plus world wide affiliates
Used outside EU countries : USA, Canada, Switzerland, Morocco, Mali

Level of detail
Specify the target kind of people for this tool based on its functionality

Management : top management, business lines, CISO, CIO, Risk managers, auditors with synthesis reports and charts showing the evolution of a risk cartography.
Operational : mostly CIO, network and systems operations, with the powerful functions allowing the choice of risk treatment
Technical : CIO and CISO, with the implementation of detailed mitigation plan.

Compliance to IT Standards
List the national or international standard this tool is compliant with

Integrates within ISO 27001 (mostly Plan phase)
ISO 27002: measures the compliance of the organization to all control points
Designed from ISO 13335 for future applicability to ISO 27005
Applicable to operational risk reduction such as Basel II, SOX

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

Risicare helps users to achieve the Risk Analysis and the risk treatment phases required by the ISMS completion and certification stated in ISO 27001

Training
Information about possible training courses for this tool

Course : BUC SA provides training courses for Risicare. Several consultancy firms provide MEHARI and Risicare training courses, e.g. France, Canada, Austria, etc..

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

To install : Basic level - automated installation on Windows systems
To use : Standard level - the software provides a user-friendly interface and is easy to use, a good knowledge of Risk Management and MEHARI method is needed
To maintain : Basic level - automatic install of updates

Tool Support
Specify the kind of support the company provides for this product

Support : Telephone (+33 1 43 37 54 11) and email

Organization processes integration
Describe user roles this tool supports

Supported Roles

Risicare is delivered with a data base issued from MEHARI 2007 standard knowledge base. It is possible to customize Risicare data base for specific requirements (e.g. protection of personal data) by information security experts with an additional tool: Risibase.

Intergration in Organization activities

Integrated in the governance of the organization and especially with the risk management process.

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools

Deliverable results can be exported in CSV format.
Charts and Datasheet can be directly copied into the clipboard.

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

Risicare can support a lot of knowledge databases applicable to many types of business. The knowledge databases from CLUSIF are fully supported.

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

The RisiBase module (delivered with Risicare) allows to completely customize or build an additional knowledge Database.

Browse the Topics