Tool Identity Card
Basic information to identify the product
Tool name : Proteus
Vendor name : Infogov (Information Governance Limited)
Country of origin : United Kingdom
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage : World-Wide (State oriented)
Supported by organization, club,... (e.g. as sponsor) : British Standards Institution (BSI) - Information Security Forum (ISF) - Holistic Information Security Practitioner Institute (HISP institute)
Brief description of the product
Give a brief description of the product containing general information, overview of functions…
Proteus Enterprise is a comprehensive web server based compliance, information security and risk management, and Corporate Governance tool developed by Information Governance Ltd. The entire range of Proteus products, and its preceding versions, have been branded and distributed by the British Standards Institution since 1995, although most enterprise level sales are direct via Information Governance Ltd and its global distribution network managed by Veridion Inc., Canada. Proteus allows organizations to implement the controls of any standard or regulation, e.g. BS ISO/IEC 17799 and BS ISO/IEC 27001, BS 25999, SOX, CobiT, PCI DSS etc.
Specify the functionality this tool provides.
R.A. Method phases supported
Risk identification : Both Qualitative and Quantitative Risk Assessment techniques supported. Both are fully integrated with Asset Management, Threats, Countermeasures, Risk Treatment Plans and Incident Management
Risk analysis : Relative and Absolute risk scales can be used to adapt to corporate ‘risk appetite’.
Risk evaluation : 5 types: Physical, Information, Service, Application and Group (combination) Assets are supported. Threats can be automatically inherited via asset relationships, location and asset profile
Asset inventory & evaluation : Supported by location but cross-referenced across an entire, multi-national or distributed, organisation. External, open interface, to import data and to integrate with third-party applications such as network scanning and penetration testing applications.
R.M. Method phases supported
Risk assessment : 5 stage generic process, easily mapped to BS ISO 27001, IRAM or other methodologies
Risk treatment : ‘Action Plans’ are fully integrated with Compliance, Risk Assessment, Business Impact Analysis, Business Continuity and Incident Management.
Risk acceptance : Full audit trail of ALL system changes. Every process is automatically captured as a time stamped PDF, and full sign-off & acceptance is supported via email and workflow management.
Risk communication : Every aspect of the system can be reported or viewed by ‘secure’ PDFs, fully customisable Business Objects reporting, and via the optional Proteus RiskView™ management information graphical ‘dashboard’
Remote auditing: Distribute questionnaires
Automated Alert Management (SMS and email) : Incidents can be captured via custom intranet Portal pages and automated alerts (by SMS or email) sent to relevant individuals according to the affected (or potentially affected) assets and business processes.
Global Views : Compliance status, Financial Exposure, Threats, Incidents etc.
Compliance : Documentation (Policies, procedures, evidence, testing) and Corrective Actions.
Assets : Related Controls and Tasks.
Incident Management : Analysed by incident type and/or losses, with identified control failures and related assets
Business Impact : Processes by Risk or with Assets affected by Incidents
Business Continuity : Critical process exposures
Risk Analysis : Threat Exposure
Action Plans : Task Summary
Incidents : Event types and losses
Document Control : Review Status
Date of the first edition, date and number of actual version
Date of first release : March 1995 - CoP-iT, original Compliance 'gap analysis' tool, launched concurrently with BS7799:1995
Date and identification of the last version : June 2007 - Proteus Alert Management™ (P.A.M.) Fully integrated automated alert management linked to custom client intranet web ‘portal’ pages for Incident capture.
Link for further information
List the available languages that the tool supports
Languages available : English - French - Spanish - Japanese - Chinese
Pricing and licensing models
Specify the price for the product (as provided by the company in December 2005)
Proteus Solo : 599 £/year
Proteus Professional : 6000 £/year or 600 £/month
Proteus Enterprise : p.o.a
Sectors with free availability or discounted price : N/A
Trial before purchase
Details regarding the evaluation period of the tool
CD or download available : 1.Webex Demo or Evaluation by request - 2.Pilot Project p.o.a.
Identification required : N/A
Trial period : N/A
Specify the technologies used in this tool
Database : MS SQL
Web server : IIS or Apache
Application Server : PHP
Client : I.E., Firefox etc.
Defines the most appropriate type of communities for this tool
Large scale companies
Specific sector : Finance, TelCo, Pharmaceutical, Retail, Government
Information concerning the spread of this tool
General information : World-wide in many different organizations
Used inside EU countries : N/A
Used outside EU countries : N/A
Level of detail
Specify the target kind of people for this tool based on its functionality
Management : yes
Operational : yes
Technical : N/A
Compliance to IT Standards
List the national or international standard this tool is compliant with
BS ISO 17799 & 27001 : Licensed by BSI
BS 25999 : Licensed by BSI
SoGP : Licensed by ISF
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
BS ISO 27001
Information about possible training courses for this tool
Course : Proteus Enterprise
Duration : 2 Days
Skills : InfoSec
Expenses : Public courses free of charge
Course : Holistic Information Security Practitioner
Duration : 5 Days
Skills : H.I.S.P.
Expenses : £1,500
Specify the skills needed to use and maintain the solution
To install : Web & Database Servers, Business Objects on own server, or can be hosted on InfoGov secure servers
To use : Standard web Browser
To maintain : Standard web Browser
Specify the kind of support the company provides for this product
Support : Telephone, email (Local Language support by International Distributors)
Organization processes integration
Describe user roles this tool supports
Integration in Organization activities
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
- Integration Method
- Active directory
- Single Sign-on
- External Network Audit : API
- External ERP : API
- External Bespoke : Database Replication / Synchronisation
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
Full Authoring Facilities included
Flexibility of tool's database
Can the database be customized and adapted to client requirements?
Fully Customisable : Supports multi-languages, menu and forms customisation