RAMSES

  1. HOME
  2. RAMSES

RAMSES (Risk Analysis and Management System for Enhanced Security) is a methodology and tool to support information security management suitable for all types of organizations. The SaaS (Software as a Service) model offers efficient and fast access to RAMSES with low costs and without infrastructure investment.

RISK ANALYSIS AND MANAGEMENT SYSTEM FOR ENHANCED SECURITY

RAMSES is a convenient tool for organizations that are implementing or already operating security and continuity management systems (ISMS, BCMS). The tool is based on the proven RAC RAMSES methodology, which is based on the recommendations of ISO / IEC 27005. Threat and vulnerability questionnaires, countermeasures library and risk assessment procedures are fully integrated into the tool, which offers a very effective use of qualitative RAC RAMSES methodology. The web interface allows easy access to an unlimited number of users who complete threat and vulnerability questionnaires, work with the countermeasures library, or enter BCM parameters. The tool also contains preset reports showing the level of compliance with ISO / IEC 27001 and ISO 22301 standards.

It allows you to analyze all types of information systems, in all phases of their life cycle, including the evaluation of critical processes. Tool is unique in that it integrates additional modules within one environment to support individual security processes in organizations. All internal security policies can be imported into RAMSES and the level of compliance can be reported. It allows you to create and constantly update complete safety documentation.

RAMSES also supports importing previous analyzes from CRAMM.

WHAT QUESTIONS CAN YOU QUICKLY FIND THE ANSWERS?

How can the unavailability, disclosure or modification of data affect your business goals?
What threats threaten your system, what weaknesses does your system have?
What level of security to choose to be effective and cheap?
What level of authentication does your new e-business application require?
How to evaluate which cryptographic services are needed?
Does your current security architecture provide sufficient protection for your new ERP system?
Is the physical security of your data center sufficient?
How to justify and defend the security costs of your organization’s management?

and more…

RAMSES TOOL IN PRACTICE

All steps of the information risk management and continuity management process fully correspond to the requirements of the stated standards. Key information, such as mandatory parts and ISO 27001 measures, are quoted directly in the reports. Due to the implementation of standards directly into RAMSES, it is very easy to demonstrate the level of compliance with security standards with just one click.

WHAT IS POSSIBLE WITH RAMSES?

– Perform a risk assessment of the information system in accordance with ISO / IEC 27005
– Perform a risk assessment in accordance with the requirements of the Act on Cyber Security No. 181/2014 Coll.
– Determine in detail the value of data processed in the information system
– Identify the most risky parts of the information system
– Propose countermeasures to reduce identified risks
– Fully support the ISMS implementation process in accordance with ISO / IEC 27001
– Create and constantly update complete security documentation
– Prepare the entire system for certification according to ISO / IEC 27001
– Analyze all types of information systems, in all phases of their life cycle
– Record GDPR requirements

KEY FEATURES OF RAMSES

– Direct support of ISMS, BCMS, BOZP, GDPR, ZoKB
– Czech, English and Spanish version
– Import of analyzes from the CRAMM tool
– Support of the information risk management process
– Management of information assets
– Connection with CMDB
– Risk register
– Impact analysis (BIA)
– Collection and processing of data for risk assessment
– Threat and vulnerability assessment
– Risk analysis
– Current security status reports
– Evaluation of critical processes
– Measurement of security status
– Preparation for certification audits ISO 27001, ISO 22301
– Declaration of applicability
– Risk management plan
– Support for the implementation of security projects
– Financial reports for implementation decisions
– Control of compliance with the requirements of the Act on Cyber Security No. 181/2014 Coll.
– Control of compliance with GDPR requirements.

WHAT IS POSSIBLE WITH RAMSES?

– Perform a risk assessment of the information system in accordance with ISO / IEC 27005
– Perform a risk assessment in accordance with the requirements of the Act on Cyber Security No. 181/2014 Coll.
– Determine in detail the value of data processed in the information system
– Identify the most risky parts of the information system
– Propose countermeasures to reduce identified risks
– Fully support the ISMS implementation process in accordance with ISO / IEC 27001
– Create and constantly update complete security documentation
– Prepare the entire system for certification according to ISO / IEC 27001
– Analyze all types of information systems, in all phases of their life cycle
– Record GDPR requirements

KEY FEATURES OF RAMSES

– Direct support of ISMS, BCMS, BOZP, GDPR, ZoKB
– Czech, English and Spanish version
– Import of analyzes from the CRAMM tool
– Support of the information risk management process
– Management of information assets
– Connection with CMDB
– Risk register
– Impact analysis (BIA)
– Collection and processing of data for risk assessment
– Threat and vulnerability assessment
– Risk analysis
– Current security status reports
– Evaluation of critical processes
– Measurement of security status
– Preparation for certification audits ISO 27001, ISO 22301
– Declaration of applicability
– Risk management plan
– Support for the implementation of security projects
– Financial reports for implementation decisions
– Control of compliance with the requirements of the Act on Cyber Security No. 181/2014 Coll.
– Control of compliance with GDPR requirements.

LANGUAGE VERSIONS

RAMSES is available in Czech, English and Spanish. Users can easily change languages while working with the tool without having to log in again. The entire RAMSES, including the application and content part, can be translated into any language, or a specific language version can be created for a specific organization.

ROLE BASED ACCESS

Users work in RAMSES based on the roles assigned to them. Roles correspond to their job classification and responsibilities for individual assets or certain areas. Role-based access ensures easy user management and precise definition of access rights.

COMPLIANCE WITH STANDARDS

RAMSES covers all requirements of the standards and laws listed below (ZoKB, ZOOU) and is continuously supplemented as needed by other standards and legislative requirements.
The tool complies with basic safety standards and laws such as ISO / IEC 27001: 2013, ISO / IEC 27002: 2013, ISO / IEC 27005: 2011, ISO 22301: 2012, ČSN EN 16495,
Act No. 181/2014 Coll.,
Act No. 110/2019 Coll.

DATA SECURITY

RAMSES is operated on a secure infrastructure in an ISMS-certified environment according to ISO 27001. Data security is in accordance with European legislation, current standards and best security practices. All data is continuously backed up. Communication between the tool and end users is via the HTTPS protocol. RAMSES servers are continuously scanned by Qualys technology.

LANGUAGE VERSIONS

RAMSES is available in Czech, English and Spanish. Users can easily change languages while working with the tool without having to log in again. The entire RAMSES, including the application and content part, can be translated into any language, or a specific language version can be created for a specific organization.

COMPLIANCE WITH STANDARDS

RAMSES covers all requirements of the standards and laws listed below (ZoKB, ZOOU) and is continuously supplemented as needed by other standards and legislative requirements.
The tool complies with basic safety standards and laws such as ISO / IEC 27001: 2013, ISO / IEC 27002: 2013, ISO / IEC 27005: 2011, ISO 22301: 2012, ČSN EN 16495,
Act No. 181/2014 Coll.,
Act No. 110/2019 Coll.

ROLE BASED ACCESS

Users work in RAMSES based on the roles assigned to them. Roles correspond to their job classification and responsibilities for individual assets or certain areas. Role-based access ensures easy user management and precise definition of access rights.

DATA SECURITY

RAMSES is operated on a secure infrastructure in an ISMS-certified environment according to ISO 27001. Data security is in accordance with European legislation, current standards and best security practices. All data is continuously backed up. Communication between the tool and end users is via the HTTPS protocol. RAMSES servers are continuously scanned by Qualys technology.

RAMSES TRAINING

At present, when many organizations feel the need to ensure the proper functioning of their information system, the training program prepared by our specialists gives an opportunity to gain practical experience with the RAMSES tool and knowledge of methodology. The acquired knowledge and know-how are sufficient for its full use in the analysis and risk management of information systems.

If you are an existing user of the CRAMM methodology, or a new user of the RAMSES tool, you will appreciate the training we offer, where in addition to the initial acquaintance with the RAMSES methodology you will get acquainted with its application in ISMS implementation according to ISO / IEC 27001

RAMSES TRAINING

At present, when many organizations feel the need to ensure the proper functioning of their information system, the training program prepared by our specialists gives an opportunity to gain practical experience with the RAMSES tool and knowledge of methodology. The acquired knowledge and know-how are sufficient for its full use in the analysis and risk management of information systems.

If you are an existing user of the CRAMM methodology, or a new user of the RAMSES tool, you will appreciate the training we offer, where in addition to the initial acquaintance with the RAMSES methodology you will get acquainted with its application in ISMS implementation according to ISO / IEC 27001

RAMSES TRAINING

At present, when many organizations feel the need to ensure the proper functioning of their information system, the training program prepared by our specialists gives an opportunity to gain practical experience with the RAMSES tool and knowledge of methodology. The acquired knowledge and know-how are sufficient for its full use in the analysis and risk management of information systems.

If you are an existing user of the CRAMM methodology, or a new user of the RAMSES tool, you will appreciate the training we offer, where in addition to the initial acquaintance with the RAMSES methodology you will get acquainted with its application in ISMS implementation according to ISO / IEC 27001

Do you want to know more information? Don’t hesitate to contact us!

Do you want to know more information? Don’t hesitate to contact us!

Menu
WordPress Appliance - Powered by TurnKey Linux