WCK
WCK
Tool Identity Card
General information
Basic information to identify the product
Tool name : WCK
Vendor name : WCK
Country of origin : Israel
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage :
- World-wide (state oriented): 17
- World-wide (sector oriented): Critical Infrastructure 3, Financial Services 12, Healthcare 1
- Regional: ValueSEC,CEPS
Supported by organization, club,... (e.g. as sponsor) : ValueSec, WIB
Brief description of the product
Give a brief description of the product containing general information, overview of functions:
-
WCK software is a holistic risk management solution for cyber security, IT and especially designed for critical infrastructure protection. It automates the entire risk management lifecycle and includes workflows for ongoing reviews and audits, receiving automated data from external security tools, remediation workflows and customizable decision-support dashboards and reports.
Supported functionality
Specify the functionality this tool provides.
R.A. Method activities supported
-
Risk identification
-
Risk analysis
-
Risk evaluation
Other phases
- Asset inventory & evaluation
R.M. Method phases supported
-
Risk assessment
-
Risk treatment
-
Risk acceptance
-
Risk Communication
Other phases:
- Business Impact and Dependency Analysis
- Compliance Analysis
- Development Life Cycle
- Business Continuity
Other functionality
- N/A
Information Processed
- Assets, reviews, controls, questionnaires, risks, mitigations, threats
Lifecycle
Date of the first edition, date and number of actual version
Date of first release : 2008
Date and identification of the last version : V2.44 released 15 Aug 2013
Useful links
Link for further information
Official web site : www.wck-grc.com
User group web site : N/A
Relevant web site : N/A
Languages
List the available languages that the tool supports
Languages available : English, German, Italian,Hebrew
Pricing and licensing models
Specify the price for the product (as provided by the company on March 2012)
-
Price: 3 pricing models:Annual license model, perpetual license model and special model for use by consulting firms.
- Maintenance: N/A
Sectors with free availability or discounted price : N/A
Trial before purchase
Details regarding the evaluation period of the tool
Trial period : Case by case
Tool architecture
Specify the technologies used in this tool
-
Database: SQL Server 2008R2
- Web Server: IIS
- Application Server: None
-
Client: IE v7 and above
Scope
Target public
Defines the most appropriate type of communities for this tool
-
Government, agencies
-
Large scale companies
-
SME (2nd tier target)
Specific sector : N/A
Spread
Information concerning the spread of this tool
General information : World-wide in many different organizations
- Used inside EU countries: 6 countries
- Used outside EU countries: 11 countries
Level of detail
Specify the target kind of people for this tool based on its functionality
Management
Operational
Technical
Compliance to IT Standards
List the national or international standard this tool is compliant with
-
ISO27001
- NIST 800-53
- PCI-DSS
- CobiT
- ISA99
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
-
N/A
Training
Information about possible training courses for this tool
- Course : Improving risk and compliance management processes
- Duration : 3 days
Users viewpoint
Skills needed
Specify the skills needed to use and maintain the solution
-
To install : None
-
To use : None
-
To maintain : None
Tool Support
Specify the kind of support the company provides for this product
Support : N/A
Organization processes integration
Describe user roles this tool supports
Supported Roles
-
Active Directory – for authentication of the users allowed working with the tool
-
SMTP mail server – for sending different alerts from the system
Integration in Organization activities
-
N/A
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
- Connection through Web Services, direct DB access or file based integration with vulnerability scanners, SIEM, task management, CMDB (or any other asset repository)
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
-
N/A
Flexibility of tool's database
Can the database be customized and adapted to client requirements?
-
Microsoft SQL Server: Can be standard edition, enterprise or even SQL Express