CORAS:is a method for conducting security risk analysis. Platform for risk analysis of security critical IT systems using UML, based on the CORAS model-based risk assessment methodology. Contains an XML and UML repository, facilitating management and reuse of analysis results.
CORAS provides a customised language for threat and risk modelling, and comes with detailed guidelines explaining how the language should be used to capture and model relevant information during the various stages of the security analysis. In this respect CORAS is model-based. The Unified Modelling Language (UML) is typically used to model the target of the analysis. For documenting intermediate results, and for presenting the overall conclusions we use special CORAS diagrams which are inspired by UML. The CORAS method provides a computerised tool designed to support documenting, maintaining and reporting analysis results through risk modelling.
Download Link :
Microsoft Security Assessment Tool 4.0:
is the revised version of the original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released in 2004 and the Microsoft Security Assessment Tool 2.0 released in 2006. Security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.
There are two assessments that define the Microsoft Security Assessment Tool:
- Business Risk Profile Assessment
- Defense in Depth Assessment (UPDATED)
PTA (Practical Threat Analysis):is a risk assessment methodology and a suite of software tools that enable users to find the most beneficial and cost-effective way to secure systems and applications according to their specific functionality and environment.
Download link : http://www.software.co.il/ptadownload/pta1215.exe
ISO 17799 RAT ( Risk Analysis Toolkit ) :
to perform risk analysis based on the ISO 17799 on public or private companies.
This analysis was conducted by questionnaire, from which reports on security policies will be generated to perform in the organization to address the risks identified.
Confidentiality, integrity, availability, authenticity and traceability (accountability): the risks are analyzed in several dimensions. The impact of risk is also analyzed
To address the risks and impact are proposed:
Safeguards (or countermeasures)
Elements backup (back up)
Disaster Recovery Plans
The motivation for choosing this project has been the lack of free software tools that enable risk management in organizations, especially SMEs can not afford the cost of existing commercial tools on the market.
Download Link : http://ratiso17799.sourceforge.net/descargas.html
Security Officers Management and Analysis Project (SOMAP):
is all about defining security management work methods and supplying Security Officers with tools to do their job more efficient and following standards easily.
- Information Security Risk Management Methodologies and Tools
- Open Risk Model Repository
- Risk Assessment
- Risk Management