IT GRC and RM Tools

Updated links for IT-GRC vendors and some IT-based risk management tool/software providers.

IT-GRC Solution Providers:

Agiliance

http://www.agiliance.com/

Archer (acquired Brabeion)

http://www.archer-tech.com/solutions/index.html

Trustwave GRC

https://www.trustwave.com/GRC.php

Symantec (Control Compliance Suite)

http://eval.symantec.com/mktginfo/enterprise/fact_sheets/b-datasheet_control_compliance_suite_9.0-11_2008_14121573.en-us.pdf

Compliance Spectrum

http://www.compliancespectrum.com/

Modulo

http://www.modulo.com/home.jsp

NetIQ

http://www.netiq.com/solutions/scm/default.asp

eIQ Networks SecureVue

http://www.eiqnetworks.com/products/SecureVue/SecureVue_Technology.shtml

CA GRC

http://www.ca-grc.com/

Relational Security – RSAM

http://www.relsec.com/rsam_overview.htm

Logicalis grace (acquired Iconium Assets)

http://www.uk.logicalis.com/business_issues/governance_grace.asp

Lumension (acquired Security-Works)

http://www.lumension.com/landing.spring?contentId=154643

Oracle (formerly Logical Apps and Oracle GRC Manager)

http://www.oracle.com/solutions/corporate_governance/it-grc-management.html

Proteus

http://www.infogov.co.uk/proteus_enterprise/index.php

BPS

http://www.bpsinc.com/

Avedos

http://www.avedos.com/257-Home-EN.html

BWise

http://www.bwise.com/

Neupart

http://www.neupart.com/

MetricStream

http://www.metricstream.com/

Nemea

http://www.nemea.us/

Highpoint

http://www.highpointgrc.com/

Paisley (now Thomson Reuters)

http://www.paisley.com/

OpenPages

http://www.openpages.com/Solutions/Technology_17.asp

Qumas

http://www.qumas.com/products/index.asp

IDS Scheer

http://www.ids-scheer.com/us/en/ARIS/ARIS_Solutions/Governance_Risk__Compliance_Management/139893.html

Axentis

http://www.axentis.com/offerings/solutions/itgovernance

Methodware

http://www.methodware.com/it-security/

Protiviti

http://www.protiviti.com/grc-software/Pages/default.aspx

Cura Software

http://www.curasoftware.com/pages/content.asp?SectionId=7&SubSectionID=48

Mega

http://www.mega.com/index.asp/l/en/c/grc

ControlCase

http://controlcase.com/it-grc.htm

McAfee Risk and Compliance Manager (formerly McAfee Preventsys)

http://www.mcafee.com/us/local_content/white_papers/dashboard_reporting_it_grc.pdf

Greenlightcorp (SAP GRC)

http://www.greenlightcorp.net/sap_grc_cross_platform.html

Trintech (Financial GRC only)

http://www.trintech.com/

SAI Global

http://www.saiglobal.com/compliance/grc-software/

SAP

http://www.sap.com/solutions/sapbusinessobjects/large/governance-risk-compliance/index.epx

eFortresses

http://www.efortresses.com/Compliantz.htm

Simeio Solutions GRCAXS (IT GRC module)

http://www.simeiosolutions.com/

Compliance 360 (eGRC)

http://www.compliance360.com/news.asp

Risk Management Tools

Callio

http://www.callio.com/

Casis (clearpriority)

http://www.clearpriority.com/

Strategic Thought Active Risk Manager

http://www.strategicthought.com/riskmanagement.html

Cobra

http://www.riskworld.net/

Citicus

http://www.citicus.com/oursoftware.asp

Alion – Countermeasures (makers of Buddy System)

http://www.countermeasures.com/

Siemens – CRAMM

http://www.cramm.com/

Acuity Stream

http://www.acuityrm.com/

EAR/Pilar

http://www.ar-tools.com/en/index.html

GStool (mainly German)

https://www.bsi.bund.de/cln_136/EN/topics/ITGrundschutz/ITGrundschutzGSTOOL/itgrundschutzgstool_node.html

Sigea GxSGSI (this site is in Spanish only)

http://www.gxsgsi.es/

RA2

http://www.aexis.de/index.php?site=static&staticID=4

RiskPAC

http://www.cpacsweb.com/riskpac.html

Risicare (French)

http://www.risicare.fr/

Riskwatch

http://www.riskwatch.com/

ISmart

http://www.biznet.com.tr/english/ismart_info.htm

Resolver

http://www.resolver.ca/

RMStudio

http://www.riskmanagementstudio.com/

Riskonnect

http://www.riskonnect.com/riskonnect_products.html

PTA Risk Assessment Tools and Technology

http://www.ptatechnologies.com/

Avedos Risk2Value

http://www.avedos.com/111-Short-Facts.html

Non-IT Risk Software

http://www.riskworld.com/SOFTWARE/sw5sw001.htm

Methodologies for Risk Assessment and Management

ISO 14971 – Risk Management for Medical Technologies
NIST 800-30 Risk Management Guide for IT Systems – National Institute of Standards and Technology
OCTAVE (Carnegie Mellon)
The Institute of Risk Management (IRM): The Risk Management Standard
ISO 13335-2 Information Security Risk Management, to be replaced by ISO/IEC IS 27005
BS 7799-3:2006 Information security management systems. Guidelines for information security risk management
BSI Grundschutz Handbuch
ENISA Regulation (2004)
PARA – Practical application of risk analysis
PTA – Practical Threat Analysis for Securing Computerized Systems
Austrian IT Security Handbook
Federal Financial Institutions Examination Council’s (FFIEC) IT handbook covers information security risk assessment
Threat and Risk Assessment Working Guide from The Government of Canada Security Policy
CRAMM – British Office of Government Commerce or The CCTA’s (Central Computer and Telecommunications Agency) Risk Analysis and Management Method
Afhankelijkheids- en Kwetsbaarheidsanalyse (Dutch A&K)
EBIOS (French Government)
FRAP: Facilitated Risk Assessment Process
ISF – IRAM: Information Security Forum Ltd. Information Risk Analysis Methodologies. Also check FIRM (Fundamental Information Risk Management), SARA (Simple to Apply Risk Analysis), SPRINT (Simplified Process for Risk Identification)
CLUSIF MEHARI – Club de la Sécurité de l’Information Français
Calpana CRISAM
SecurITree from Amenaza
OSSTMM RAV (RAV stands for Risk Assessment Values)
SOMAP – Security Officers Management and Analysis Project
FAIR Factor Analysis of Information Risk
DRAM Delphic Risk Assessment Method
Buddy System
AS/NZS 4360 (2004) Risk Management. Australia/New Zealand standard for risk management

Compliance Management/SIM/SIEM solutions that partially address GRC

Tivoli Security Compliance Manager

http://www-01.ibm.com/software/tivoli/products/security-compliance-mgr/

Novell Compliance Management Platform

http://www.novell.com/products/compliancemanagementplatform/

Easy2comply (formerly Dynasec)

http://www.easy2comply.com/

AlertLogic

http://www.alertlogic.com/

NetForensics

http://www.netforensics.com/compliance/

ArcSight

http://www.arcsight.com/solutions/solutions-compliance/

RSA enVision

http://www.rsa.com/solutions/compliance/datasheets/9373_ISOENV_DS_0408-lowres.pdf

Intellitactics

http://www.intellitactics.com/int/solutions/compliance.asp

Source

http://security.24kasim.org/2009/08/it-governance-risk-and-compliance-itgrc.html

About hakimkt

CISSP,CEH,Security+,ISMS Implementer
