Published under Risk Management

Tool Identity Card

General information
Basic information to identify the product

Tool name : ISAMM tool
Vendor name : Telindus N.V.
Country of origin : Belgium

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : World-wide (sector oriented)
Supported by organization, club,... (e.g. as sponsor) : N/A

Brief description of the product
Give a brief description of the product containing general information, overview of functions…

  • ISAMM or Information Security Assessment and Monitoring Method tool follows the set of controls of best practices in Information Security from the ISO/IEC 27002. An ISAMM risk assessment contains 3 main parts:  scoping;  assessment;  reporting.
    Scoping: As required by ISO/IEC 27001, the first step of a risk assessment is to select the relevant pre-defined asset types and to define the most important assets of each of these types. The selected assets must be valuated for replacement -, confidentiality -, integrity - and availability cost. Second step is to select the relevant threats amongst about 15 pre-defined generic threats. Based on these selections, ISAMM will consider the relevant mappings between the chosen asset types and threats in order to generate a number of appropriate threat scenarios. ISAMM will then list all ISO/IEC 27002 controls that could have an effect on these risk scenarios. Optionally the respondent can indicate a mandatory status for a control. One should therefore assess the existence of mandatory company policies and/or legal and regulatory requirements (e.g. FDA, Sarbanes-Oxley, local laws…).
    Assessment: In this phase, the respondent has to complete for each relevant ISO/IEC 27002 control the actual compliance level. As an option, the respondent has a number of detailed compliance questions for each of the controls providing additional insights and details about the actual vulnerability level. When not (completely) compliant the respondent has to provide an estimation of the additional yearly cost to become fully compliant. Further questions are prompted in order to define the ‘threat motivation’ and the ‘number of exposure points’ for the threats. Based on this information ISAMM is able to calculate the default threat probability and impact for each of the threat scenarios and to determine the actual risk level for each threat.
    Reporting: Using the risk reducing characteristics of each control on each of the threat scenarios, ISAMM is also able to simulate the risk reducing effect of each control improvement and select the most appropriate ones, step by step. In this way an optimal risk treatment plan with resulting residual risk can be derived. After completion of the input and calculations, ISAMM will generate a variety of graphs and tables listing all relevant information.

Supported functionality
Specify the functionality this tool provides.

R.A. Method phases supported

  • Risk identification
  • Risk analysis
  • Risk evaluation

Other phases

  • Asset inventory & evaluation : ISAMM is an asset based approach but no configuration management tool

R.M. Method phases supported

  • Risk assessment
  • Risk treatment
  • Risk acceptance
  • Risk communication

Other phases

  • N/A

Other functionality

  • N/A

Information processed

  • Security controls : A list of recommended security controls sorted on the basis of their ROSI (Return on Security Investment)
  • Security indicators : Projected security indicators that simulate the effect of the implementation of the security recommendations
  • Evolution of risks : Various graphs that represent the evolution of risks with the realization of security controls

Date of the first edition, date and number of actual version

Date of first release : 2002 (consultant tool)
Date and identification of the last version : 2008 (self-assessment customer tool)

Useful links
Link for further information

Official web site :
user group web site : N/A
Relevant web site : N/A

List the available languages that the tool supports

Languages available : English

Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)

  • N/A

Sectors with free availability or discounted price : N/A

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : N/A
Identification required : N/A
Trial period : N/A

Tool architecture
Specify the technologies used in this tool

  • N/A

Page top


Target public
Defines the most appropriate type of communities for this tool

  • Information not provided

Specific sector : N/A

Information concerning the spread of this tool

General information : World-wide in many different organizations
Used inside EU countries : BE, FR, DE, IR, IT, LU, PT, ES, NL, UK
Used outside EU countries : SN, SE, CH, TH

Level of detail
Specify the target kind of people for this tool based on its functionality

Management : Through a build-in generic asset, high level assessments can be conducted
Operational : Through grouping of assets dedicated operational environments can be assessed
Technical : ISAMM can be engineered to support specific technical requirements and specifications

Compliance to IT Standards
List the national or international standard this tool is compliant with

  • ISO/IEC 27002: ISAMM can be engineered to comply with to all kind of standards, laws and regulations, proprietary policies.

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • N/A

Information about possible training courses for this tool

Course : In house

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : Standard
  • To use : Information security and ISO/IEC 27000 series knowledge
  • To maintain : Standard

Tool Support
Specify the kind of support the company provides for this product

Support : Internal by dedicated R&D Team

Organization processes integration
Describe user roles this tool supports

Supported Roles

  • N/A

Intergration in Organization activities

  • N/A

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools


  • Extract of results to MS Excel

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • N/A

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • N/A

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more