COBRA Risk Consultant Features
COBRA Risk Consultant provides a complete risk analysis service, compatible with most recognised methodologies (qualitative and quantitative). It is a questionnaire based PC system using ‘expert’ system principles and an extensive knowledge base. It evaluates the relative importance of all threats and vulnerabilities and generates appropriate recommendations and solutions. In addition, its reports provide a written assessment and relative risk score, or level, for each risk category. The risks identified are automatically linked with the potential implications (financial, customer loss, etc.) for the business or department.
A major feature is the modularisation of the Risk Consultant knowledge base. This enables question modules to be directed at personnel with the appropriate expertise and knowledge. For new developments, it also allows a stage by stage assessment (design, development, acceptance testing & implementation). As well as increasing accuracy, this approach enables more detail and precision and thus ensures better results and solutions.
No two enterprises are the same, and neither are their security requirements. Risk Consultant will therefore generate questionnaires, from ‘knowledge base’ question modules, that are specifically suited to the organisation, environment and system under evaluation. This function is also performed dynamically as questions are answered and Risk Consultant obtains more information.
COBRA Risk Consultant is designed to be truly self-analytical. It can be used without the need for detailed security knowledge or expertise in using risk management software. There is no need to hire expensive consultants to back-up the system.
‘Hypothesis testing’ is fully supported. The impact that specific additional controls would have on a system’s risk level can be dynamically ascertained. It is thus possible to quickly establish the most cost effective solution to individual exposures.
The reports produced by Risk Consultant are NOT standard computer output. They are professional business reports and are suitable for interpretation by both technical and non-technical management. A range of report formats are available, and for maximum flexibility all sections are optional. In addition, output can be directed to paper, to a terminal, or to a file (for possible import into a word processing package).