CRAMM: Information Security Toolset
CRAMM Version 5 is today's most comprehensive, most award winning and widely adopted method for information security risk analysis and management.
CRAMM is applicable to all types of information systems and networks and can be applied at all stages in the information system lifecycle, from planning and feasibility, through development and implementation to live operation. CRAMM can be used whenever it is necessary to identify the security and/or contingency requirements for an information system or network. This may include:
- During strategy planning, where a high level risk analysis may be required to identify broad security or contingency requirements for the organisation and the relative costs and implications of their implementation
- At feasibility study stage, where a high level risk analysis may be required of potential solutions to identify the broad security or contingency requirements and associated costs of the different options
- During analysis of the detailed business and technical environments, where the security or contingency issues associated with the chosen option can be investigated or refined
- Prior to live running, to ensure that all required physical, procedural, personnel and technical security countermeasures have been identified and implemented
- At any point during live running, where there are concerns about security or contingency issues, eg. in response to a new or increased threat or following a security breach
- As part of regular security management, audit and change management programmes, to monitor both compliance and new requirements.
The current version CRAMM 5.2:
- contains Express mode for quick analysis
- contains Security Inspection mode to ensure that the required minimum standards are applied and continue to be applied, to maintain an organisation’s focus on the importance of security and as part of an ongoing security education and awareness programme.
- provides you the easy comparison of your compliance level with the standard ISO/IEC 27001:2005
- contains a library of 3500 countermeasures that completely comply with ISO/IEC 27002:2005.
Make your risk assessment more effective with CRAMM!
Support for the CRAMM tool will be available until the end of 2014. Licensed sales of CRAMM are not currently available. We offer the existing users of CRAMM the possibility to use our analytical tool RAMSES that was created using CRAMM based methodology and fulfills all the functionalities of CRAMM. One of its features is the possibility of transforming and utilizing the existing analytical outputs, taken in previous periods with CRAMM. Find out more on the RAMSES website.
RAC is a distributor of CRAMM for Middle and East European region.
For the price and delivery conditions please contact Risk Analysis Consultants, Spanelska 2, 120 00 Prague 2, Czech Republic.
Call: + 420 221 628 400
Fax: + 420 221 628 401
The responsible person: Mr. Antonin Smid