CORAS:
is a method for conducting security risk
analysis. Platform for risk analysis of security critical IT systems using UML,
based on the CORAS model-based risk assessment methodology. Contains an
XML and UML repository, facilitating management and reuse of analysis
results.
CORAS provides a
customised language for threat and risk modelling, and
comes with detailed guidelines explaining how the language
should be used to capture and model relevant information
during the various stages of the security analysis. In this
respect CORAS is model-based. The Unified Modelling Language
(UML) is typically used to model the target of the
analysis. For documenting intermediate results, and for
presenting the overall conclusions we use special CORAS
diagrams which are inspired by UML. The CORAS method
provides a computerised
tool
designed to support
documenting, maintaining and reporting analysis results
through risk modelling.
Download Link :
http://coras.sourceforge.net/downloads.html
or
http://sourceforge.net/projects/coras/files/latest/download?source=navbar
Microsoft Security Assessment Tool 4.0:
is the revised version of the
original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released
in 2004 and the Microsoft Security Assessment Tool 2.0 released in
2006. Security issues have evolved since 2004 so additional questions
and answers were needed to ensure you had a comprehensive toolset to
become more aware of the evolving security threat landscape that could
impact your organization.
There are two assessments that define the Microsoft Security Assessment Tool:
- Business Risk Profile Assessment
- Defense in Depth Assessment (UPDATED)
Download Link : http://www.microsoft.com/en-in/download/details.aspx?id=12273
PTA (Practical Threat Analysis):
is a risk
assessment methodology and a suite of software tools that enable users to find the most
beneficial and cost-effective way to secure systems and
applications according to their specific functionality and environment.
Download link : http://www.software.co.il/ptadownload/pta1215.exe
ISO 17799 RAT ( Risk Analysis Toolkit ) :
to perform risk analysis based on the ISO 17799 on public or private companies.
This analysis was conducted by questionnaire, from which reports on security policies will be generated to perform in the organization to address the risks identified.
Confidentiality, integrity, availability, authenticity and traceability (accountability): the risks are analyzed in several dimensions. The impact of risk is also analyzed
To address the risks and impact are proposed:
Safeguards (or countermeasures)
Safety Standards
Safety procedures
Elements backup (back up)
Disaster Recovery Plans
The motivation for choosing this project has been the lack of free software tools that enable risk management in organizations, especially SMEs can not afford the cost of existing commercial tools on the market.
Download Link : http://ratiso17799.sourceforge.net/descargas.html
Security Officers Management and Analysis Project (SOMAP):
is all about
defining security management work methods and supplying Security
Officers with tools to do their job more efficient and following
standards easily.
- Information Security Risk Management Methodologies and Tools
- Open Risk Model Repository
- Risk Assessment
- Risk Management
Download Link : http://sourceforge.net/projects/somap/files/latest/download?source=navbar