IT GRC and RM Tools

Updated links for IT-GRC vendors and some IT-based risk management tool and software providers.

IT-GRC Solution Providers:

Agiliance
http://www.agiliance.com/
Archer (acquired Brabeion)
http://www.archer-tech.com/solutions/index.html
Trustwave GRC
https://www.trustwave.com/GRC.php
Symantec (Control Compliance Suite)
http://eval.symantec.com/mktginfo/enterprise/fact_sheets/b-datasheet_control_compliance_suite_9.0-11_2008_14121573.en-us.pdf
Compliance Spectrum
http://www.compliancespectrum.com/
Modulo
http://www.modulo.com/home.jsp
NetIQ
http://www.netiq.com/solutions/scm/default.asp
eIQ Networks SecureVue
http://www.eiqnetworks.com/products/SecureVue/SecureVue_Technology.shtml
CA GRC
http://www.ca-grc.com/
Relational Security – RSAM
http://www.relsec.com/rsam_overview.htm
Logicalis grace (acquired Iconium Assets)
http://www.uk.logicalis.com/business_issues/governance_grace.asp
Lumension (acquired Security-Works)
http://www.lumension.com/landing.spring?contentId=154643
Oracle (formerly Logical Apps and Oracle GRC Manager)
http://www.oracle.com/solutions/corporate_governance/it-grc-management.html
Proteus
http://www.infogov.co.uk/proteus_enterprise/index.php
BPS
http://www.bpsinc.com/
Avedos
http://www.avedos.com/257-Home-EN.html
BWise
http://www.bwise.com/
Neupart
http://www.neupart.com/
Metric Stream
http://www.metricstream.com/
Nemea
http://www.nemea.us/
Highpoint
http://www.highpointgrc.com/
Paisley (now Thomson Reuters)
http://www.paisley.com/
OpenPages
http://www.openpages.com/Solutions/Technology_17.asp
Qumas
http://www.qumas.com/products/index.asp
IDS Scheer
http://www.ids-scheer.com/us/en/ARIS/ARIS_Solutions/Governance_Risk__Compliance_Management/139893.html
Axentis
http://www.axentis.com/offerings/solutions/itgovernance
Methodware
http://www.methodware.com/it-security/
Protiviti
http://www.protiviti.com/grc-software/Pages/default.aspx
Cura Software
http://www.curasoftware.com/pages/content.asp?SectionId=7&SubSectionID=48
Mega
http://www.mega.com/index.asp/l/en/c/grc
ControlCase
http://controlcase.com/it-grc.htm
McAfee Risk and Compliance Manager (formerly McAfee Preventsys)
http://www.mcafee.com/us/local_content/white_papers/dashboard_reporting_it_grc.pdf
Greenlightcorp (SAP GRC)
http://www.greenlightcorp.net/sap_grc_cross_platform.html
Trintech (Financial GRC only)
http://www.trintech.com/
SAI global
http://www.saiglobal.com/compliance/grc-software/
SAP
http://www.sap.com/solutions/sapbusinessobjects/large/governance-risk-compliance/index.epx
eFortresses
http://www.efortresses.com/Compliantz.htm
Simeio Solutions GRCAXS (IT GRC module)
http://www.simeiosolutions.com/
Compliance 360 (eGRC)
http://www.compliance360.com/news.asp

Risk Management Tools

Callio
http://www.callio.com/
Casis
http://www.clearpriority.com/ (clearpriority)
Strategic Thought Active Risk Manager
http://www.strategicthought.com/riskmanagement.html
Cobra
http://www.riskworld.net/
Citicus
http://www.citicus.com/oursoftware.asp
Alion – Countermeasures (makers of Buddy System)
http://www.countermeasures.com/
Siemens – CRAMM
http://www.cramm.com/
Acuity Stream
http://www.acuityrm.com/
EAR/Pilar
http://www.ar-tools.com/en/index.html
GStool (mainly German)
https://www.bsi.bund.de/cln_136/EN/topics/ITGrundschutz/ITGrundschutzGSTOOL/itgrundschutzgstool_node.html
Sigea GxSGSI (this site is in Spanish only)
http://www.gxsgsi.es/
RA2
http://www.aexis.de/index.php?site=static&staticID=4
RiskPAC
http://www.cpacsweb.com/riskpac.html
Risicare (French)
http://www.risicare.fr/
Riskwatch
http://www.riskwatch.com/
ISmart
http://www.biznet.com.tr/english/ismart_info.htm
Resolver
http://www.resolver.ca/
RMStudio
http://www.riskmanagementstudio.com/
RiskConnect
http://www.riskonnect.com/riskonnect_products.html
PTA Risk Assessment Tools and Technology
http://www.ptatechnologies.com/
Avedos Risk2Value
http://www.avedos.com/111-Short-Facts.html
Non-IT Risk Software
http://www.riskworld.com/SOFTWARE/sw5sw001.htm

Methodologies for Risk Assessment and Management

ISO 14971 – Risk Management for Medical Technologies
NIST 800-30 Risk Management Guide for IT Systems – National Institute of Standards and Technology
OCTAVE (Carnegie Mellon)
The Institute of Risk Management (IRM): The Risk Management Standard
ISO 13335-2 Information Security Risk Management, to be replaced by ISO/IEC IS 27005
BS 7799-3:2006 Information security management systems. Guidelines for information security risk management
BSI Grundschutz Handbuch
ENISA Regulation (2004)
PARA – Practical application of risk analysis
PTA – Practical Threat Analysis for Securing Computerized Systems
Austrian IT Security Handbook
Federal Financial Institutions Examination Council’s (FFIEC) IT handbook covers information security risk assessment
Threat and Risk Assessment Working Guide from The Government of Canada Security Policy
CRAMM – British Office of Government Commerce or The CCTA’s (Central Computer and Telecommunications Agency) Risk Analysis and Management Method
Afhankelijkheids- en Kwetsbaarheidsanalyse (Dutch A&K)
EBIOS (French Government)
FRAP: Facilitated Risk Assessment Process
ISF – IRAM: Information Security Forum Ltd. Information Risk Analysis Methodologies. Also check FIRM (Fundamental Information Risk Management), SARA (Simple to Apply Risk Analysis), SPRINT (Simplified Process for Risk Identification)
CLUSIF MEHARI – Club de la Sécurité de l’Information Français
Calpana CRISAM
SecurITree from Amenaza
OSSTMM RAV (RAV stands for Risk Assessment Values)
SOMAP – Security Officers Management and Analysis Project
FAIR Factor Analysis of Information Risk
DRAM Delphic Risk Assessment Method
Buddy System
AS/NZS 4360 (2004) Risk Management. Australia/New Zealand standard for risk management

Compliance Management/SIM/SIEM solutions which partially present GRC.

Tivoli Security Compliance Manager
http://www-01.ibm.com/software/tivoli/products/security-compliance-mgr/
Novell Compliance Management Platform
http://www.novell.com/products/compliancemanagementplatform/
Easy2comply (formerly Dynasec)
http://www.easy2comply.com/
AlertLogic
http://www.alertlogic.com/
NetForensics
http://www.netforensics.com/compliance/
Arcsight
http://www.arcsight.com/solutions/solutions-compliance/
RSA enVision
http://www.rsa.com/solutions/compliance/datasheets/9373_ISOENV_DS_0408-lowres.pdf
Intellitactics
http://www.intellitactics.com/int/solutions/compliance.asp

Source

http://security.24kasim.org/2009/08/it-governance-risk-and-compliance-itgrc.html
