Security risk analysis world:  
information for security risk assessment  
risk analysis and security risk management  

 Directory of information for security risk analysis and risk assessment Contact Us Front Page
 

Other COBRA Products


 

Introduction

In addition to the Risk Consultant risk analysis system, the COBRA family comprises of a number of other security assessment knowledge based products. These employ the same software ‘look and feel’ as Risk Consultant, with the identical benefits in terms of ease of use and flexibility.

An important differentiation between the products, however, is that the following are not risk analysis tools. Their major purpose is to assess security against a pre-determined set of baseline standards or controls. In many ways they can be viewed as complimentary to the risk analysis exercise, focusing upon compliance against pre-determined criteria rather than matching security to actual business need.

The current set of products consists of:

ISO17799 Security Consultant

Policy Compliance Analyst

Data Protection Consultant

  

COBRA ISO17799 Security Consultant

ISO17799 covers the whole gamut of security issues. It consists of ten discrete sections, each focusing upon a specific aspect (ranging from Systems Development to Business Continuity).

The problem many organisations face is how to measure their compliance level against this and, thereafter, how to plan and implement changes to improve the situation. The bottom line is usually ‘how do you shape up and what can you do to comply?’.

ISO17799 Security Consultant is designed to act as a guide through this exercise. It will carefully measure compliance, making specific recommendations where appropriate. Through a series of questions with multiple choice responses, ISO17799 Security Consultant will:

 

Like all the COBRA products, ISO17799 Security Consultant is extremely easy to use, and requires no prior training. It is extremely flexible, focusing upon individual needs and culture. Furthermore, as a COBRA product, every element of the knowledge base can be changed or tailored using the Module Manager component.

It is the ideal aid for any company wishing to gauge its position against the code and become compliant with ISO17799.

  

COBRA Policy Compliance Analyst

Most organisations will have a comprehensive and documented security policy. These are the baseline measures which must be adopted throughout the organisation.

Policies are extremely important. Unfortunately, however, despite the worthy attentions during creation, their impact on the ground is often disappointing. This is a fatal flaw.... a policy not implemented might as well not exist.

At least as much attention should therefore be applied to implementing policies, organisation wide, as was applied to creating them. Implementation should be PLANNED and compliance MEASURED on an ongoing basis. But how?

Clearly, identifying, planning and scheduling policy compliance measures is a significant task and is one that can sometimes be overwhelming if attempted manually from a central point. To address this, and make organisation wide compliance manageable, a radical new approach was needed: Policy Compliance Analyst.

Essentially, using the Module Manager component, the organization’s policy can be integrated into the knowledge base of the product. Thereafter, the organization will have a tool which will:

Furthermore, the simplicity and ease of use of the enables copies of the created 'compliance checker' to be devolved, if required. This allows sections, departments and business units to perform self assessments - to check their own compliance and act on the specific results.

This approach ensures consistent and objective compliance measurement. It enables policy to be issued along with the actual means to measure compliance and an aid to planning and implementing the necessary changes.

 

COBRA Data Protection Consultant

Data Protection Consultant is designed to assist organisations to achieve full compliance with Data Protection legislation .

Through a series of questions with multiple choice responses, this product will guide you through the act, interpreting legal jargon where necessary. It will:

Data Protection Consultant is extremely easy to use, and requires no prior training. It is extremely flexible and delivers unquestionable objectivity. It is the ideal tool to devolve to key personnel throughout the organisation. 



Back to First Page


COBRA Purchase Page



Back to first page Copyright © 2003 C & A Security Risk Analysis Group email