Security risk analysis world:  
information for security risk assessment  
risk analysis and security risk management  

 Directory of information for security risk analysis and risk assessment Contact Us Front Page

COBRA Knowledge Bases


Three discrete knowledge bases are available for use with COBRA:

- The IT security or default knowledge base

- The operational risk knowledge base

- The 'quick risk' or high level risk knowledge base.

- The e-Security knowledge base.

The first two of these provide for comprehensive and detailed risk analysis in their respective domains. The third enables a rapid assessment and overview of a whole business system. The latter knowledge base was specifically constructed to cover modern LAN and network based systems.


Example Modules

The set of detailed question modules that are supplied with the base Risk Consultant are extensive. They are designed to enable a system to be professionally and meticulously assessed without necessitating particular security expertise.

The following question modules, amongst many others, are included:



Assesses the relative significance, in terms of potential loss, of all aspects and areas of a system. The results from this can be used in determination of which areas are in most need of attention.

If required, this module can also be used to automatically determine which other question modules to build into a detailed questionnaire.


Logical Access

All aspects of logical access to and within the computer system are covered:

user identification and authentication (system access)

batch submission

function control

resource access control

sensitive data consideration, etc


System Audit

Investigates all areas of auditing, including what records and logs are produced, what audit procedures and practices are employed, what follow-up procedures are adopted, etc.


Security Administration

Security administration practices are ascertained for resource access, system access and security system control.



Contingency and recovery are considered in great depth. All aspects are covered, including:

back-up practice and policy

the contents of the recovery plan

the status of the recovery plan

the recovery location

general contingency practice, procedure and policy

network contingency

application contingency.


System Design

Security considerations relating to application/system design is covered by this module.



The development module embraces all security considerations pertinent to application/system development, including documentation, auditing requirements and project control.


Change Control

Covers change control procedures and practice, both scheduled and emergency.


Security Management And Policy

This module will establish general security status, embracing general and detailed policy, awareness and security management.


Physical Access

All aspects of physical access are examined, including:

access and damage at a building level

access to sensitive areas within the building

protection of individual assets

procedures to control personnel and others internal to the building/site.



Practise, procedure and risk with respect to hardware and hardware maintenance is analysed.



Close examination of operations procedures and practices is undertaken.



Personnel policy is covered, with respect to such matters as recruitment, dependency and supervision.



All major hazards are considered, including:




environmental systems

general issues.



Network security is analysed in depth. Some of the issues examined are:

use of dial-in


monitoring and audit


physical controls

general practise


And MANY others...

Next Page Back to First Page

COBRA Purchase Page

Back to first page Copyright 2003 C & A Security Risk Analysis Group email