There are many ways to goal, We create the Optimal green one
MEHARI's first objective is to provide a risk assessment and management method, specifically in the domain of information security, that is compliant with ISO/IEC 27005:2008 requirements and that provides the set of tools and elements required for its implementation.
- provides a risk management model, modular components and processes
- includes an asset classification
- discovers vulnerabilities through audit
- analyzes a list of risk situations and provides seriousness levels for each
- bases its analysis on formulas and parameters
- allows an optimal selection of corrective actions
- gives additional compliance measures to ISO 27002 (17799-2005)
Links to ISO 2700x are provided and documented.
Official web site: http://www.clusif.asso.fr
Availability: Free (Open Source)
Target organizations:
- Government, agencies
- Large companies
- SME
- Commercial CIEs
- Non commercial CIEs
Used in EU member states:
- France – UK – Austria – Belgium – Germany – Poland – Italy – Romania – etc.
Used in non-EU member states:
- Canada – Switzerland – Morocco – Lebanon – etc.
- MEHARI 2007 downloaded from more than 70 countries worldwide
Target kind of users
- Management
- Operational
- Technical
- To introduce: Standard
- To use: Standard
- To maintain: Standard
- Applicable to operational risk reduction such as Basel II, SOX, etc.
Compliance with IT standards
- Provides ISO 27002 compliance measurement for the organization, applicable for ISO 27001 ISMS process and certification
- ISO/IEC 13335
Availability: Free download with optional identification
Maturity level of the Information system
The product gives a means of measuring the maturity of the information system security. It is possible to measure the I.S.S. maturity level through maturity indicators (e.g. recovery plans, access controls, maintenance, incident management, etc.).
Tools supporting the method:
- Non commercial tools: macros and commands: Excel, Open Office
- Commercial tools: RISICARE from BUC SA
Tools can be integrated with other tools: databases (e.g. SQL)
If a security auditor isn't in the budget, these 10 IT security audit tips will go a long way in empowering you to protect your business.
There is no formal definition for a security audit; and there is no legal requirement for a specified function called a security audit. Nevertheless, you need to do it; and the bigger you are, the more likely it is that there is effectively if not quite explicitly a legal requirement to do it.
PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
Trust Services helps differentiate entities from their competitors by demonstrating to stakeholders that the entities are attuned to the risks posed by their environment and equipped with the controls that address those risks.