Mehari 2010 basic tool

Published under Risk Management

Tool Identity Card

General information
Basic information to identify the product

Tool name : MEHARI 2010 - basic tool
Vendor name : CLUSIF
Country of origin : FRANCE

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : World-wide (state oriented) ISO 27005 compliant
Supported by organization, club,... (e.g. as sponsor) : CLUSIF

Brief description of the product
Give a brief description of the product containing general information, overview of functions…

  • The worksheet of the method contains multiple formulas that display, step by step, the results of the RA and RM activities and propose additional controls for risk reduction. Another tool (RISICARE) is also available for more complex environments.

Supported functionality
Specify the functionality this tool provides.

R.A. Method phases supported

  • Risk identification : Based on assets, threats and vulnerabilities
  • Risk analysis : Through scenarios
  • Risk evaluation : Quantification of the risk elements: stakes level and likelihood of threats

Other phases

  • Asset inventory & evaluation : The list of assets proposed includes services, information and regulations

R.M. Method processes supported

  • Risk assessment : The seriousness level of risk scenarios is given based on impact and likelihood
  • Risk treatment : The method proposes security measures for reducing risk level
  • Risk acceptance : Options to accept or transfer risk
  • Risk communication : The worksheet can be completed with communication elements

Other phases

  • ISMS per ISO 27001 : Control of the effectiveness of the ISMS process

Other functionality

  • ISO 27002

Information processed

  • Business stakes, lists of contributive assets : Base for impact assessment
  • List of threats (accident, error, voluntary actions) : Likelihood is estimated and changes may be anticipated
  • List of security controls and services : For risk reduction, current and future

Date of the first edition, date and number of actual version

Date of first release : 1998 (formulas were used but not available to public)
Date and identification of the last version : November 2010 – Mehari 2010

Useful links
Link for further information

Official web site : French English
User group web site (optional) :
Relevant web site : N/A

List the available languages that the tool supports

Languages available : English, French

Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)

  • Free

Sectors with free availability or discounted price : N/A

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : Download
Identification required : No
Trial period (days) : N/A

Tool architecture
Specify the technologies used in this tool

  • Database: Worksheet - Excel or Open Office


Target organizations
Defines the most appropriate type of communities for this tool

  • Government, agencies
  • Large scale companies
  • Commercial CIEs
  • Non commercial CIEs

Specific sector : Applicable to all types of organizations and businesses

Information concerning the spread of this tool

General information : World-wide in many different organizations
Used inside EU countries : France, Germany, UK, Switzerland, Belgium, Poland, Spain, Luxembourg
Used outside EU countries : Above 120

Level of detail
Specify the target kind of people for this tool based on its functionality

Management : Stakes analysis with board members - Documented
Operational : Threat and questionnaires - Documented and available
Technical : N/A

Compliance to IT Standards
List the national or international standard this tool is compliant with

  • ISO 27005:2008 - Requirements OK
  • ISO 27001:2005 - Including 27002 controls

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • ISMS 27001 certification - Effected in several countries

Information about possible training courses for this tool

Course : 3 to 5 days

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : very easy - Install the worksheet and run Excel or Open Office
  • To use : easy to expert level - Depending on the boundaries and scope
  • To maintain : simple

Tool Support
Specify the kind of support the company provides for this product

Support : Excel or Open Office file - Standard software

Organization processes integration
Describe user roles this tool supports

Supported Roles

  • N/A

Integration in Organization activities

  • N/A

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools

  • N/A

Sector adapted knowledge databases supported
e-Security knowledge base : Specifically constructed to cover modern network based systems

  • .xls and .calc : Assets, threats, scenarios, vulnerabilities, formulas

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • Also RISICARE : Compliant to the method - Easy to understand and execute
