Information Security Risk Management Software
Abriska 27001 is URM’s cost effective, intuitive, web-based information security risk management software designed specifically to meet the risk assessment requirements of ISO 27001. Adopting a proven methodology, Abriska 27001 is ideally suited to SMEs.
What is the Purpose of Abriska 27001?
Abriska 27001 was designed to address one of the fundamental requirements of ISO 27001; the need for robust and repeatable risk assessments. Underpinning Abriska 27001 is a proven, best-practice risk assessment methodology which has been validated in over 400 ISO 27001 certification projects. All of the mandatory outputs required by the ISO 27001 Standard, including a Statement of Applicability (SOA), risk score matrix, risk treatment plan and risk register are produced by Abriska. A key feature of the tool is that it facilitates the shared ownership of information risk across your organisation by enabling the easy distribution of risk and control assessment, whilst retaining centralised control, configuration and reporting.
What Type and Size of Organization is Abriska 27001 Particularly Suited to?
Abriska 27001 is the perfect web-based tool for any organisation looking to comply or certify to ISO 27001 or those looking to simply ensure their organisation adopts a consistent and robust approach to assessing, prioritising and managing key information risks. It is ideally suited to small and medium-sized organisations, particularly those looking to share the ownership of risk across a range of divisions or departments. It also suits larger organisations that are looking for a specialist information security module providing the granularity they seek, which then feeds into their enterprise risk management software.
What are its Key Features?
- Simplifies, through automation, the ISO 27001 risk assessment process
- Proven, best practice risk assessment methodology aligned with ISO 31000 and ISO 27005
- Preconfigured with linked asset types, threats and controls with input from URM’s senior information security consultants
- Data flow mapping between assets and supporting assets
- Facilitates devolution of risk ownership across organisation
- Produces all mandatory ISO 27001 outputs, including Statement of Applicability (SOA), risk score matrix, risk treatment plan and risk register
- Comprehensive reporting (including risk trends) and notification/reminder features
- Easy to use and intuitive interface
- Responsive UK-based support team
What are its Principal Benefits?
- Proven and Robust – Abriska 27001 is underpinned by a risk assessment methodology that is aligned with ISO 27005 and has been validated by numerous certification bodies in over 350 certification projects.
- Cost and time saving – When compared to a manual spreadsheet, clients have estimated that time savings in conducting risk assessments with Abriska can be as great as 90%. Set up times are greatly eased by Abriska’s pre-configured mappings.
- Shared workload – Abriska is a web-based product which allows for the easy distribution of risk and control assessment, whilst retaining centralised control, configuration and reporting.
- Consistent and Repeatable – Abriska is ideally suited to meeting one of the absolute fundamental requirements of ISO 27001; the need for robust and repeatable risk assessments.
- Flexibility – Abriska also allows for varying control implementation across different sites or divisions, with considerable scope for the customisation and the addition of other threats and controls, e.g. PCI DSS.
How Does it Work?
Abriska 27001 adopts a 4 step approach in managing risks-
- Identifying information assets within scope and determining the potential impact to the organisation resulting from a loss in terms of confidentiality, integrity and availability to each asset
- Assessing risk by determining likelihood and impact of threats occurring and mapping against appropriate controls
- Assessing the maturity of applicable information security controls (all 114 controls from Annex A of ISO 27001 are preloaded, but others can be added) against a consistent, tailored scale to demonstrate current risk and treated risk if improvements are made
- Having determined information security risks, these can be reported in a number of ways including showing how risks have changed over time. Abriska automatically produces all the mandatory output requirements from ISO 27001, i.e. statement of applicability, risk score matrix, risk treatment plan and risk register.