
Risk Tools Comparison

Tool Name: vsRisk

Description: vsRisk has been designed with ISO/IEC 27001 certification in mind, but also supports Risk Assessments based on the ISO/IEC 27002 and 27005 methodologies. It is also compatible with other IS standards like BS7799-3, NIST 800-26 and 800-30, as well as the ISF standards and others

RM phases supported:
1. Risk Assessment:
   (a) Risk Identification: Yes
   (b) Risk Analysis: Yes
   (c) Risk Evaluation: Yes
2. Risk treatment: Yes
3. Risk communication: Yes (via reports)

Functionality:
- Wizard-based approach to simplify and accelerate the RA process
- ISO/IEC 27001 controls as well as the ability to import additional

RM methods supported: ISO/IEC 27002, ISO/IEC 27005, FRAP

Supplier:
Vendor name: Vigilant Software
Website: http://www.vigilantsoftware.co.uk/
Price: 1,323.35

Tool Name: RM Studio

Description: RM Studio is a full-featured, customizable and dynamic solution that combines business continuity management software and risk management software into one simple to use platform. RM Studio guides users through the process of risk assessment, risk treatment and risk management.

RM phases supported:
1. Risk Assessment:
   (a) Risk Identification: Yes (using Threat library)
   (b) Risk Analysis: Yes
   (c) Risk Evaluation: Yes (based on pre-defined or custom templates)
2. Risk treatment: Yes (based on pre-defined or custom templates)
3. Risk communication: Yes (via 11 different reports and result

Functionality:
- Analyzing and evaluating risks based on Asset-value, C/I/A, impact, probability, vulnerability or other custom criteria
- Embedded standards, controls and

RM methods supported: ISO/IEC 27002, ISO/IEC 27005, FRAP, IT-Grundschutz

Supplier:
Vendor name: Stiki Information Security (Iceland)
Website: http://www.riskmanagementstudio.com
Price: On request

Tool Name: Resolver Ballot

Description: "Resolver Ballot is an anonymous risk workshop assessment tool that enables groups to make better decisions in less time, with less arguing."

RM phases supported:
1. Risk Assessment:
   (a) Risk Identification: Yes
   Risk Analysis: Yes
   (b) Risk Evaluation: Yes
2. Risk treatment: No
3. Risk communication: No

Functionality:
- (Remote) anonymous voting on impact, likelihood or any other criteria for each risk (from wireless keypad, mobile phone, or computer)
- Assess control effectiveness
- Focus and facilitate discussions on topics without agreement to share viewpoints and re-vote after discussion to see the change
- Generation of standard or custom heat maps (e.g. inherent vs. residual risk or Year 1 vs. Year

RM methods supported: ISO 27002, NIST 800-53, COBIT 5, SOX, C-SOX, COSO 2013, ISO 31000, PCI, NERC

Supplier:
Vendor name: Resolver (Canada)
Website: http://www.resolver.com/
Price: from C1300 per year

Some other options

http://www.proteuscyber.com/

Price: Proteus Solo: 694 /year

Proteus Professional: 6942 /year or 694 /month

Proteus Enterprise: on request
