RAMSES

RAMSES (Risk Analysis and Management System for Enhanced Security) is a methodology and tool to support information security management suitable for all types of organizations. The SaaS (Software as a Service) model offers efficient and fast access to RAMSES with low costs and without infrastructure investment.

RISK ANALYSIS AND MANAGEMENT SYSTEM FOR ENHANCED SECURITY

RAMSES is a convenient tool for organizations that are implementing or already operating security and continuity management systems (ISMS, BCMS). The tool is built on the proven RAC RAMSES methodology, which follows the recommendations of ISO/IEC 27005. Threat and vulnerability questionnaires, a countermeasures library and risk assessment procedures are fully integrated into the tool, which makes very effective use of the qualitative RAC RAMSES methodology. The web interface gives easy access to an unlimited number of users, who complete threat and vulnerability questionnaires, work with the countermeasures library, or enter BCM parameters. The tool also contains preset reports showing the level of compliance with the ISO/IEC 27001 and ISO 22301 standards.

It allows you to analyze all types of information systems, in all phases of their life cycle, including the evaluation of critical processes. The tool is unique in that it integrates additional modules within one environment to support individual security processes in organizations. All internal security policies can be imported into RAMSES and the level of compliance can be reported. It allows you to create and constantly update complete security documentation.

RAMSES also supports importing previous analyses from CRAMM.

WHAT QUESTIONS CAN YOU QUICKLY FIND ANSWERS TO?

How can the unavailability, disclosure or modification of data affect your business goals?
What threats does your system face, and what weaknesses does it have?
What level of security should you choose to be both effective and inexpensive?
What level of authentication does your new e-business application require?
How do you evaluate which cryptographic services are needed?
Does your current security architecture provide sufficient protection for your new ERP system?
Is the physical security of your data center sufficient?
How do you justify and defend security costs to your organization’s management?

and more…

RAMSES TOOL IN PRACTICE

All steps of the information risk management and continuity management process fully correspond to the requirements of the stated standards. Key information, such as mandatory parts and ISO 27001 measures, is quoted directly in the reports. Because the standards are implemented directly in RAMSES, it is very easy to demonstrate the level of compliance with security standards with just one click.

WHAT IS POSSIBLE WITH RAMSES?

– Perform a risk assessment of the information system in accordance with ISO/IEC 27005
– Perform a risk assessment in accordance with the requirements of the Act on Cyber Security No. 181/2014 Coll.
– Determine in detail the value of data processed in the information system
– Identify the riskiest parts of the information system
– Propose countermeasures to reduce identified risks
– Fully support the ISMS implementation process in accordance with ISO/IEC 27001
– Create and constantly update complete security documentation
– Prepare the entire system for certification according to ISO/IEC 27001
– Analyze all types of information systems, in all phases of their life cycle
– Record GDPR requirements

KEY FEATURES OF RAMSES

– Direct support of ISMS, BCMS, BOZP, GDPR, ZoKB
– Czech, English and Spanish version
– Import of analyses from the CRAMM tool
– Support of the information risk management process
– Management of information assets
– Connection with CMDB
– Risk register
– Impact analysis (BIA)
– Collection and processing of data for risk assessment
– Threat and vulnerability assessment
– Risk analysis
– Current security status reports
– Evaluation of critical processes
– Measurement of security status
– Preparation for certification audits ISO 27001, ISO 22301
– Declaration of applicability
– Risk management plan
– Support for the implementation of security projects
– Financial reports for implementation decisions
– Control of compliance with the requirements of the Act on Cyber Security No. 181/2014 Coll.
– Control of compliance with GDPR requirements.


LANGUAGE VERSIONS

RAMSES is available in Czech, English and Spanish. Users can easily change languages while working with the tool without having to log in again. The entire RAMSES, including the application and content part, can be translated into any language, or a specific language version can be created for a specific organization.

ROLE BASED ACCESS

Users work in RAMSES based on the roles assigned to them. Roles correspond to their job classification and responsibilities for individual assets or certain areas. Role-based access ensures easy user management and precise definition of access rights.

COMPLIANCE WITH STANDARDS

RAMSES covers all requirements of the standards and laws listed below (ZoKB, ZOOU) and is continuously supplemented as needed by other standards and legislative requirements.
The tool complies with basic safety standards and laws such as ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO/IEC 27005:2011, ISO 22301:2012, ČSN EN 16495, Act No. 181/2014 Coll., and Act No. 110/2019 Coll.

DATA SECURITY

RAMSES is operated on a secure infrastructure in an ISMS-certified environment according to ISO 27001. Data security is in accordance with European legislation, current standards and best security practices. All data is continuously backed up. Communication between the tool and end users is via the HTTPS protocol. RAMSES servers are continuously scanned by Qualys technology.


RAMSES TRAINING

At a time when many organizations feel the need to ensure the proper functioning of their information systems, the training program prepared by our specialists gives you an opportunity to gain practical experience with the RAMSES tool and knowledge of the methodology. The acquired knowledge and know-how are sufficient for its full use in the analysis and risk management of information systems.

Whether you are an existing user of the CRAMM methodology or a new user of the RAMSES tool, you will appreciate the training we offer: in addition to an introduction to the RAMSES methodology, you will become acquainted with its application in ISMS implementation according to ISO/IEC 27001.


Would you like more information? Don’t hesitate to contact us!
