Those who have conducted a risk assessment according to the requirements of ISO 27001 and ISO 27005 would agree that the process is not very clear for newcomers to the Standard.
For starters, there are so many factors to consider, like having to come up with a comprehensive list of information assets, or plotting out a seemingly endless inventory of possible risks (or threats and vulnerabilities) that could affect those assets.
Not to mention having to figure out which of the controls from Annex A are applicable to the identified risks!
All of this can be quite overwhelming, even for an experienced risk assessor.
At Vigilant Software, we believe that it would make a world of difference if companies were able to use a template as a guideline to work from. That’s why we’ve updated vsRisk™, the leading information security risk assessment software, to do exactly that.
With vsRisk, you can:
- Copy and replicate an example risk assessment that includes the following:
  - A library of assets, pre-assigned to organisational roles typically in charge of those asset groups;
  - A database of threats and vulnerabilities (risks), pre-applied to each asset group;
  - The relevant ISO 27001:2013 controls from Annex A, pre-assigned to each of these risks.
In addition, vsRisk offers a host of other benefits:
- An interactive dashboard, offering a quick summary of the risk assessment and progress made to date;
- The ability to add implementation details, risk owners and comments;
- Customisable risk criteria, calculation formulae and impact/likelihood scales;
- The option to create and add your own assets, risks and controls;
- A feature to assess the confidentiality, integrity and availability of assets separately or together;
- The option to choose from four risk responses: treat, tolerate, transfer or terminate;
- Six customisable and editable reports, including the Statement of Applicability and risk treatment plan;
- Seven control sets that enable mapping between controls;
- Upgrade options to allow multiple users and import of an ISO 27001 ISMS documentation toolkit.
For a limited period only, you can get vsRisk at 30% off, which means that you pay only £416 for the Standalone version, or £871 for the Standalone version plus the built-in ISMS Documentation Toolkit. A better offer is simply not available on the market.