Tool Identity Card
Basic information to identify the product
Tool name : MIGRA Tool
Vendor name : AMTEC/Elsag Datamat S.p.A.
Country of origin : Italy
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage : Local
Supported by organization, club,... (e.g. as sponsor) : N/A
Brief description of the product
Give a brief description of the product containing general information, overview of functionsâ€¦
“MIGRA Tool” is a web application based on the MIGRA methodology (Metodologia Integrata per la Gestione del Rischio Aziendale). It is designed to support security officers (SO) during the whole process of designing and maintaining an effective and cost effective protection system, with reference to both information and tangible assets security. In fact, when adopted, it becomes the core of the organisation Security Management System (SMS), providing the data necessary to make informed decisions about which actions to take, to justify these decisions and to understand their consequences. Functions are provided to perform actions such as:
- generating a model of the organisation suitable for security analysis
- assessing the adequacy and effectiveness of security measures vs. threats and normative or organisational security policy requirements
- identifying and allocating security roles and responsibilities
- consolidating and sharing security know-how about both threats and countermeasures
- performing a qualitative risk analysis
- performing compliance analysis with reference to legislation, rules, standards or internal policies
- providing risk indicators
- performing what-if analysis
- producing management and operational reports
The tool consists of 5 major modules: - the knowledge base (providing full ISO 27001:2005 compliance) - the scenario modelling tool - the risk analysis and conformity engine - the what-if engine - the report generator engine.
One installation of the tool can be used to manage multiple companies. Multiple languages are supported (English and Italian currently available).
Specify the functionality this tool provides.
R.A. Method phases supported
Risk identification : Yes
Risk analysis : Yes
- Risk Evaluation: Yes
Asset Inventory : Yes
R.M. Method phases supported
Risk assessment: Yes
Risk treatment : Yes
Risk acceptance : Yes
- Risk communication : Yes
Security perimeter modeling
- Compliance/gap management : The functionality is provided by the tool. The database currently supports ISO 27001:2005 standard and Italian privacy regulations.
- Threat/vulnerability analysis
Date of the first edition, date and number of actual version
Date of first release : June 2002, first release of a previous version of the tool (named Defender Manager)
Date and identification of the last version : December 2007, version 2.0
Link for further information
List the available languages that the tool supports
Languages available : Italian, English
Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)
Price : From 30K€ (depending on the size of the company or group of companies using the tool)
- Maintenance : 15% of the license price
Sectors with free availability or discounted price : N/A
Trial before purchase
Details regarding the evaluation period of the tool
CD or download available : N/A
Identification required : N/A
Trial period : N/A
Specify the technologies used in this tool
Database : The database stores the knowledge base of the tool (threats, attacks, countermeasures, components for security perimeter modeling, etc.) and the scenario models created by the users.
- Web server : Presentation
- Application Server : Business logic
- Client : User interface based only on an Internet browser
Defines the most appropriate type of communities for this tool
Large scale companies
Specific sector : N/A
Information concerning the spread of this tool
General information : N/A
Used inside EU countries : N/A
Used outside EU countries : N/A
Level of detail
Specify the target kind of people for this tool based on its functionality
Management : Risk indicators, what-if analysis, management reports, risk treatment.
Operational : Scenario modeling, asset and threat assessment risk and compliance assessment, operational reporting.
Technical : Countermeasures selection support.
Compliance to IT Standards
List the national or international standard this tool is compliant with
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
Information about possible training courses for this tool
Course : On request
Duration : 3 days
Skills : Previous experience in physical and logical security and risk management.
Specify the skills needed to use and maintain the solution
To install : Windows Server, IIS and SQL server system administrator skills
To use : MIGRA training course
To maintain : MIGRA training course
Specify the kind of support the company provides for this product
Support : Help desk MCC - MIGRA Competence Center (the service fee is 10% of the license price)
Organization processes integration
Describe user roles this tool supports
Intergration in Organization activities
Security officers and any other role involved in security administration
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
Flexibility of tool's database
Can the database be customized and adapted to client requirements?
The tool provides a Knowledge Base Builder Module (KBB) that allows to edit, delete and add components, threats, attacks, countermeasures, etc.