Alan Calder, Founder and Executive Chairman of IT Governance, the holding company of Vigilant Software, says: “The new version of vsRisk enables risk assessors to choose from either an asset-based or scenario-based risk assessment methodology, in line with the more flexible approach in dealing with risk assessments, as supported by ISO27001:2013.
“vsRisk 2.3 also includes features such as the option to use control sets from either ISO27001:2013, ISO27001:2005 or the cyber security standard, ISO27032, in addition to producing advanced audit-ready reports. The multiple ISMS feature provides the flexibility to easily switch between multiple ISMSs from a single tool, presenting numerous benefits for information security consultants, or organisations that have more than one ISMS.”
vsRisk presents a risk assessment framework that is easy to use, flexible and intuitive, helping the risk assessor or risk consultant to complete cyber security risk assessments in no time.
The option also exists to create views and categories based on risks, owners, assets or even customised groups, such as the HR or Finance Department, as well as creating additional sub-groups.
Calder says, “The software includes a database of common threats and vulnerabilities from ISO27005, as well as a database of common risk scenarios. The user-friendly interface, risk assessment framework and built-in databases eliminate the need to start the risk assessment process from scratch, helping to speed up the process of conducting a risk assessment by over 70%.
“In addition to the integrated databases and control sets, there is also the option to create and add additional controls and risks.”
vsRisk is available in standalone, single user or network-enabled versions, and includes a multi-user option that enables groups of risk assessors to conduct risk assessments at the same time across the organisation, with one tool - using a similar format and consistent approach - which ensures uniformity.
Other features include integrated security that enables single-sign-on, as well as reports that can be edited, customised and shared across the business and with auditors.