If you’re implementing an information security management system in line with the international standard – ISO 27001 – you will know that an effective risk assessment tool is critical.
vsRisk is THE Definitive ISO 27001:2005-compliant Information Security Risk Assessment Tool that delivers the results you are looking for through key features including:
The unique vsRisk™ Risk Assessment Tool:
- Automates and delivers an ISO/IEC 27001-compliant risk assessment;
- Uniquely, vsRisk™ can assess confidentiality, integrity & availability for each of the business, legal and contractual aspects of information assets – as required by ISO 27001;
- Comprehensive best-practice alignment:
- Integrated, regularly updated, BS7799-3 compliant threat and vulnerability databases;
- Customisable assessment scales and risk acceptance criteria;
- Contains all ISO 27001/ISO 27002 controls with additional control databases available;
- Produces an audit-ready Statement of Applicability;
- Backup and restore capability;
- Clear, clean user interface with integrated help, making the tool easy to use.
It also integrates with the ITG ISMS Documentation Toolkit (integration templates supplied separately to all Documentation Toolkit purchasers).
I see that you mention both 27001 and 27002 … it’s good to remind people that the 27000 standard is a whole series of standards to support information security. If you plan to use this tool and are in the health care industry, it would also be a good idea to review ISO 27799 “Health informatics – Information security management in health using ISO/IEC 27002”. That along with this assessment tool will help you focus on the areas of most importance to a health care provider.