Getting the Balance Right

ISO 27001 Risk Assessment Tool

Information Risk Assessment

ISO 27001 is the world's leading information security management system (ISMS) Standard. Organisations can either comply with it or certify against it (certification is audited by a third-party certification body). It is intended to be used in conjunction with ISO 27002 (previously ISO 17799), the Code of Practice for Information Security Management, which lists security control objectives and recommends a range of specific security controls. The cornerstone of both Standards is the need to build the ISMS on a sound assessment of information risks.

The risk assessment needs to be robust, auditable and repeatable, and should follow the recommended format of:

  • Identifying assets and the business impact associated with a breach of information security
  • Identifying vulnerabilities and threats, and the likelihood that these threats will materialise
  • Identifying the controls that are currently implemented
  • Delivering a Risk Treatment Plan (RTP) and Statement of Applicability (SoA)

URM's Risk Assessment Tool

In response to this requirement, URM's senior risk consultants have developed Abriska 27001, a fully automated, intuitive and flexible information risk assessment tool. The tool has been developed and refined in conjunction with some of the UK's leading certification bodies and has been used successfully on a number of compliance and certification projects.

With Abriska 27001, organisations of any size and from any sector are able to conduct threat-based risk assessments on any group of information assets.

The tool is unique in its flexibility, using security processes to establish ownership and accountability for risk treatment. Abriska 27001 has been designed to deliver a pragmatic and cost-effective risk assessment solution to organisations looking to conduct their first risk assessment, or the repeat risk assessment required by ISO 27001 as part of the continuous improvement cycle (Plan, Do, Check, Act).

Benefits of Abriska 27001 include:

  • Proven methodology which has been endorsed by leading UK certification bodies
  • Understandable to "non-risk" professionals
  • Follows the best practice of combined security standards
  • Focuses on security as a whole rather than a specific technical solution
  • Distributes the workload within the organisation

Copyright © Ultima Risk Management, 2008. All Rights Reserved.
