Security risk analysis world:  
information for security risk assessment  
risk analysis and security risk management  

 

COBRA Knowledge Bases


 

Three discrete knowledge bases are available for use with COBRA:

- The IT security or default knowledge base

- The operational risk knowledge base

- The 'quick risk' or high level risk knowledge base.

- The e-Security knowledge base.

The first two of these provide for comprehensive and detailed risk analysis in their respective domains. The third enables a rapid assessment and overview of a whole business system. The latter knowledge base was specifically constructed to cover modern LAN and network based systems.

 

Example Modules

The set of detailed question modules supplied with the base Risk Consultant is extensive. They are designed to enable a system to be professionally and meticulously assessed without necessitating particular security expertise.

The following question modules, amongst many others, are included:

 

Business/Impact

Assesses the relative significance, in terms of potential loss, of all aspects and areas of a system. The results can be used to determine which areas are most in need of attention.

If required, this module can also be used to automatically determine which other question modules to build into a detailed questionnaire.

 

Logical Access

All aspects of logical access to and within the computer system are covered:

- user identification and authentication (system access)

- batch submission

- function control

- resource access control

- sensitive data consideration, etc.

 

System Audit

Investigates all areas of auditing, including what records and logs are produced, what audit procedures and practices are employed, what follow-up procedures are adopted, etc.

 

Security Administration

Security administration practices are ascertained for resource access, system access and security system control.

 

Contingency

Contingency and recovery are considered in great depth. All aspects are covered, including:

- back-up practice and policy

- the contents of the recovery plan

- the status of the recovery plan

- the recovery location

- general contingency practice, procedure and policy

- network contingency

- application contingency.

 

System Design

Security considerations relating to application/system design are covered by this module.

 

Development

The development module embraces all security considerations pertinent to application/system development, including documentation, auditing requirements and project control.

 

Change Control

Covers change control procedures and practice, both scheduled and emergency.

 

Security Management And Policy

This module will establish general security status, embracing general and detailed policy, awareness and security management.

 

Physical Access

All aspects of physical access are examined, including:

- access and damage at a building level

- access to sensitive areas within the building

- protection of individual assets

- procedures to control personnel and others internal to the building/site.

 

Hardware

Practice, procedure and risk with respect to hardware and hardware maintenance are analysed.

 

Operations

Close examination of operations procedures and practices is undertaken.

 

Personnel

Personnel policy is covered, with respect to such matters as recruitment, dependency and supervision.

 

Hazards

All major hazards are considered, including:

- fire

- flooding/water-damage

- power

- environmental systems

- general issues.

 

Networks

Network security is analysed in depth. Some of the issues examined are:

- use of dial-in

- encryption

- monitoring and audit

- maintenance

- physical controls

- general practice.

 

And MANY others...




Copyright 2003 C & A Security Risk Analysis Group