CyberWISER Light

Published under Risk Management

CyberWISER Light

Tool Identity Card

General information
Basic information to identify the product

Tool name : CyberWISER Light
Vendor name : WISER
Country of origin : Europe



Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : World-wide (state oriented)
Supported by organization, club,... (e.g. as sponsor)

WISER has received funding from the European Union’s Horizon 2020 research and innovation programme under the Grant Agreement no 653321. Members of the WISER consortium are:



Brief description of the product
Give a brief description of the product containing general information, overview of functions.

CyberWISER Light is the non-intrusive mode of the WISER Framework (the client does not need to install any dedicated software on its infrastructure). It is the first outcome offered by WISER generating a first estimation of the situation of an IT infrastructure with respect to cyber risk. It provides a quick and simple assessment of cyber risk thanks to information regarding the company which is collected in a questionnaire. The user is also given the chance to easily detect vulnerabilities present at the client IT infrastructure and capable of escalating to intrusion into externally exposed resources. The tool is not intrusive and provides immediate feedback. The output is a report easy to understand, especially to top management positions, highlighting the main points to be improved as far as the client´s cybersecurity is concerned.


Supported functionality
Specify the functionality this tool provides.

R.A. Method activities supported

  • Risk identification: Risk identification is performed in a two step phase:
    1. A Questionnaire that gives any organisation a first, high-level view of its cyber risk exposure. There are 28 questions that collect and assess basic information about the organisation and its cyber risk exposure.
    2. A vulnerability test that is capable of detecting the vulnerabilities identified from OWASP top 10 cyber security risks and detectable with automated scanners.
  • Risk analysis : The objective is to determine the cyber risk exposure of the organization based on the one hand, on the business company profile, the internal organisation and the industries operations sectors exposure, and the other part, the technical view of the ICT profile, identifying the basic measures thatmust be adopted to assure technical and organisational ICT Security.
  • Risk evaluation : The Client obtains a short report that visualises the evidence of the cyber risk exposure based on the information provided and the vulnerability discovered, and a lengthy report that explains the score obtained and provide additional information on best practices to address potential cyber security risks.

Other phases

  • Asset inventory & evaluation: N/A

R.M. Method phases supported

  • Risk assessment: Yes
  • Risk treatment : N/A
  • Risk acceptance : N/A.
  • Risk Communication : N/A
  • Gap Analysis: N/A

Other phases: N/A

Other functionality:

N/A

Information processed

  • Data collected through the questionnaire: The questionnaire collects the information structured in 6 sections: (i) company business profile, (ii) governance, (iii) data managed, (iv) IT policies, (v) risks related to outsourcing, (vi) past cyber risk episodes.
  • Organisation’s vulnerabilities collected through the vulnerability test : The detected vulnerabilities are key information to produce the risk assessment report. To access the vulnerability tests, the user has to prove that he is the owner of the requested target website/infrastructure. When registering, every user is provided with a token (randomly generated string) which he must insert to the target website to prove its ownership.


Lifecycle
Date of the first edition, date and number of actual version

Date of first release : 17/05/2016
Date and identification of the last version : N/A

Useful links

Link for further information

Official web site : www.cyberwiser.eu
User group web site : N/A
Relevant web site : N/A



Languages
List the available languages that the tool supports

Languages available : English



Pricing and licensing models
Specify the price for the product

  • Price: Free
  • Sectors with free availability or discounted price : N/A


Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : N/A
Identification required : N/A
Trial period : N/A



Tool architecture
Specify the technologies used in this tool

  • Database: MongoDB is used for Data Content and Reporting
  • Web Server: Apache is used for Questionnaire, Dashboard and Reporting UI

Page top

Scope

Target public
Defines the most appropriate type of communities for this tool

  • Government agencies
  • Large scale companies
  • SMEs

Specific sector : N/A



Spread
Information concerning the spread of this tool

General information : World-wide in many different organizations
Used inside EU countries
Used outside EU countries 



Level of detail
Specify the target kind of people for this tool based on its functionality

  • Management
  • Operational
  • Technical

 



Compliance to IT Standards
List the national or international standard this tool is compliant with

  • N/A

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • N/A


Training
Information about possible training courses for this tool

  • N/A

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : The tool is available online. The only installation required is a Token that has to be place in the Root of the server’s infrastructure in order to perform the Vulnerability Test
  • To use : Users need the privileges to install a Token into the Root of the server’s infrastructure in order to perform the Vulnerability test. Apart from that no particular skill is needed to use the tool.
  • To maintain : No skill is needed to maintain the tool.


Tool Support
Specify the kind of support the company provides for this product

Support : For any help, support and advice on how to use the tool the user can contact the WISER team at info@cyberwiser.eu



Organization processes integration
Describe user roles this tool supports

Supported Roles

N/A

Intergration in Organization activities

  • N/A


Interoperability with other tools
Specify available interfaces or other ways of integration with other tools

 

  • Export to : PDF


Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • N/A

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • N/A

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information