Riskwatch
Tool Identity Card
General information
Basic information to identify the product
Tool name : RiskWatch for Information Systems & ISO 17799
Vendor name : RiskWatch
Country of origin : United States
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage : Local
Supported by organization, club,... (e.g. as sponsor) :
Brief description of the product
Give a brief description of the product containing general information, overview of functions…
-
RiskWatch for Information Systems &ISO 17799 is the of RiskWatch company' solution for IS Risk Management. This tool conducts automated risk analysis and vulnerability assessments of information systems. The knowledge databases that are provided along with the product are completely customizable by the user, including the ability to create new asset categories, threat categories, vulnerability categories, safeguards, question categories, and question sets. The tool includes controls from the ISO 17799 and US-NIST 800-26 standards. RiskWatch provides an online demonstration of this product.
Supported functionality
Specify the functionality this tool provides.
R.A. Method phases supported
-
Risk identification : Phase I & II: List of predefined threats grouped in categories
-
Risk analysis : Phase I & II: Determine the potential financial impact
-
Risk evaluation : Phase I & II: Gather information about vulnerabilities
Other phases
-
N/A
R.M. Method phases supported
-
Risk assessment
-
Risk treatment : Phase III : Define safeguard details
-
Risk acceptance : Phase III : "what-if" scenarios
Other phases
-
N/A
Other functionality
-
Asset Inventory: List of individual assets grouped in categories
Information processed
-
Executive Summary
-
Full and summary reports: For elements identified in Phases 1 and 2
-
Cost Benefit Report
-
Safeguard threat report
-
Audit trail reports
-
Final management report
Lifecycle
Date of the first edition, date and number of actual version
Date of first release : N/A
Date and identification of the last version : 2002 - version 9
Useful links
Link for further information
Official web site : http://www.riskwatch.com/
user group web site : N/A
Relevant web site : N/A
Languages
List the available languages that the tool supports
Languages available : English
Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)
-
$15.000
Sectors with free availability or discounted price : Educational discount: 25%
Trial before purchase
Details regarding the evaluation period of the tool
CD or download available : Online demonstration
Identification required : Yes
Trial period : -
Tool architecture
Specify the technologies used in this tool
-
Web server
-
Standalone application
Scope
Target public
Defines the most appropriate type of communities for this tool
-
Government, agencies
-
Large scale companies
-
SME
Specific sector : N/A
Spread
Information concerning the spread of this tool
General information : 3000 users
Used inside EU countries : N/A
Used outside EU countries : N/A
Level of detail
Specify the target kind of people for this tool based on its functionality
Management : N/A
Operational : N/A
Technical : N/A
Compliance to IT Standards
List the national or international standard this tool is compliant with
-
US-NIST 800-26: Control standards included
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
-
N/A
Training
Information about possible training courses for this tool
Course : RiskWatch for Information Systems Two-Day Training: 2 days duration, Principles of Risk Assessment, Familiarity with the RiskWatch Automated Risk Assessment Program, cost $1000 per person
Course : On-site Riskwatch training: 2 days duration, Risk analysis with Riskwatch, cost $5500 per class
Users viewpoint
Skills needed
Specify the skills needed to use and maintain the solution
-
To install : N/A
-
To use : On-line help
-
To maintain : N/A
Tool Support
Specify the kind of support the company provides for this product
Support : Online and telephone Support, Help, FAQ, etc
Organization processes integration
Describe user roles this tool supports
Supported Roles
-
N/A
Intergration in Organization activities
-
N/A
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
-
Import/Export: DataSheet (Excel), Databases (ODBC)
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
-
N/A
Flexibility of tool's database
Can the database be customized and adapted to client requirements?
-
Questionnaires : Customize
-
RiskWatch IS database : Create new asset categories, threat categories, vulnerability categories, safeguards, question categories, and question sets.
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...