Alphabetical List of Risk Management Products

Timberline Technologies Logo
HOME SECURITY PRODUCT LINKS SECURITY RESOURCES

SECURITY WORKSHOPS SECURITY ADVISORY LINKS CONTACT INFORMATION

CONSULTING SERVICES SECURITY NEWS LINKS SITE MAP

New from Timberline Technologies:

Online Cryptography Course

with Lab Exercises

Tell me more ...

Alphabetical List of Risk Management Products

Disclaimer:

These links are provided as a free service to those seeking commercial information security products or shareware tools. The fact that a product is listed here is not an indication that Timberline Technologies LLC has evaluated it nor that we recommend it. The descriptive text is generally taken from the vendor's own product literature. The buyer has the ultimate responsibility to ensure that the information security product is suitable for its intended use. Please follow the links to the vendor pages to obtain more detailed information on a particular product. Additional guidance on product selection can be found in the On-Site Security Workshops.

Vendors Please Note: If your product does not appear in this index or if you feel that it has been incorrectly categorized please contact webmaster@timberlinetechnologies.com and the error will be corrected.

Important Note to Surfers: Timberline Technologies takes strict precautions to provide "safe" links. We will not knowingly provide a link to a site with dangerous active content or questionable privacy policies. Nevertheless, we can not guarantee the safety of all links provided. Those who are concerned about browsing securely are advised to use the facilities of BeHidden, safeWeb, Anonymizer or similar service.

Product Name Description

BIA (Strohl Systems) Helps you ask the right questions, zero in on key audiences, review and analyze data, and prepare management reports, all with the help of our free and unlimited training program and 24-hour support services. With BIA Professional, you can get a complete picture of every area where you are vulnerable, and develop strategies for minimizing your exposure to risks and the possible effects of interruptions. Equally important, you can give management a well-focused, detailed picture of potential financial and operational vulnerabilities, impacts, and recovery issues.

bv-Control for Microsoft Exchange (BindView Development) An IT risk management solution that effectively pinpoints and identifies risks to the health and integrity of Microsoft Exchange environments. It delivers comprehensive configuration, security, administrative and availability management for Microsoft Exchange through a central Microsoft® Management Console without deploying technology on every machine.

bv-Control for SAP (BindView Development) Web-based SAP risk management system. bv-Control for SAP systems is a complete, turnkey server that pulls data from critical SAP tables and stores it locally. The data is then delivered and managed with several “modules” that deliver all the functionality today’s organizations need to effectively manage the business process risks that can easily go undetected due to the complexity of systems. By storing and processing the data locally, bv-Control for SAP systems eliminates “analysis paralysis”, requiring no dedicated processing cycles from the SAP system itself. Once the data has been audited and analyzed, transports, or changes, are then pushed back into SAP, allowing security auditors, business personnel and administrators to easily remove risks and perform changes in a timely and cost-effective manner.

COBRA (Risk Associates) Security risk analysis and BS7799 compliance software.

CounterMeasures - Risk Analysis Software (Alion Science and Technology) CounterMeasures™ - Risk Analysis Software, from Alion Science and Technology, Inc., evaluated IT or facility risks by determining the level of system or project vulnerability, then calculating loss to assets (risk) based on threat activity. Users complete a survey for each entity included in a risk analysis. Completed surveys are loaded into an analysis module and analyzed by an individual. Downloads available in Word, PowerPoint, and Flash in English; product features and system requirements, and a detailed description of each element of the package available on web site.

Expert (L-3 NetworkSecurity) A sophisticated network security and risk management tool. Can measure and manage your network security risk and perform a meaningful business impact analysis. Expert identifies the assets and critical business functions most at risk to your company and assesses the potential business impact and financial losses in the event of a network attack or failure. Expert enables you to make intelligent business decisions about your network security posture and protect one of your organization's most vital assets - its information.

HIPAA-Watch for Security (RiskWatch) HIPAA-WATCH FOR SECURITY™ is the only security risk analysis software that meets the Final Security Rule, by walking the organization through a complete risk analysis. HIPAA-Watch for Security™ includes the actual Control Standards from the Final Security Rule and it easily and accurately measures compliance in both the Required and Addressable areas. HIPAA-Watch for Security™ includes a Project Plan (in MS Project and Excel) so you can plan every aspect of your project. In addition, the free Data Collection Guide gives you easy to collect information from different parts of the organization. The web-based questionnaire makes it easy to find vulnerabilities by surveying different people in your organization. The questionnaire asks simple questions based on the Final Security Rule Control standards and it instantly aggregates all responses. It includes a full audit trail of who answered every question and what their answers were.

LDRPS (Strohl Systems) Living Disaster Recovery Planning System. Business continuity planning software. With LDRPS, you can create all-encompassing, strategic plans for dealing with business interruptions large or small. You can imagine and deal with such interruptions, long before they happen, and by doing so, minimize their effects upon your business.

LDRPS Web Server (Strohl Systems) A browser-independent, web-based continuity planning tool. With LDRPS Web Server, business continuity plans are easier than ever before to build, maintain, and print over your intranet or the Internet. Users can access or update plans from work, home, or any location with Internet access to ensure that plans are current and accurate, and that critical information is easily accessible in times of crisis. By eliminating the need for end-user workstation setups and because the module is browser independent, it is as if LDRPS Web Server is already deployed on virtually any computer anywhere, making plan maintenance and execution practically foolproof.

LivingPolicy (Intellitactics) LivingPolicy™ enables organizations to publish and disseminate their security policies, plus track and report compliance - all on-line, 24x7, through any standard web-browser. World-wide dissemination challenges can be resolved with LivingPolicy’s capability to operate in multiple languages simultaneously. LivingPolicy eliminates paper-based distribution of policies and builds security awareness through interactive access to policies and procedures, notifications of policy changes and additions sent via e-mail, and compliance requests. Executives and managers can view summary charts or detailed reports on an employee, department, or company basis to ascertain compliance levels or take corrective actions. With LivingPolicy, you can publish your policies and ensure their practice!

RecoveryPAC (CPACS) Combines relational database power, flexibility and ease of use for efficient development, testing and maintenance of business continuity plans. Includes an integrated activity scheduler, Gantt chart utility, Test/Activate module, Import Wizard, multi-user option, report writer, audit trail, integrated Data Collection Utility, multiple database definition and HTML/Adobe PDF publishing.

RecoveryPAC Web (CPACS) (see RecoveryPAC) Web-based business continuity planning tool. RecoveryPAC Web is not simply a web front-end to a Windows product, but has been designed and written specifically for the web environment using the Java programming language and employing efficiencies such as a "zero-weight" client. The three-tier architecture and cross-platform server
support - including support for Windows (NT and 2000), Linux and Solaris (UNIX) - provide security, scalability and flexibility for the deployment of your business continuity plans. Transforms business continuity planning into a straightforward process for experts and novices alike.

Regulatory Controls Compliance System (Preventsys) The Regulatory Controls Compliance system is the only automated solution available today that enables organizations to directly translate their own paper-based regulatory controls into auditable rules to measure IT security risk and automate compliance reporting across the IT infrastructure. Enterprise risk and exposure and the state of regulatory compliance with Sarbanes-Oxley, HIPAA, GLBA, NERC and FISMA are visually displayed in a centralized compliance dashboard.

RiskComp (RiskComp) The RiskComp Managed Service is the provision of a fully managed, standards based, web server infrastructure upon which the RiskComp application is implemented. The purpose of the Managed Service is to enable Organizations to introduce a risk and compliance management programme, without the need to implement and support their own infrastructure and software, and to make the programme accessible to all relevant personnel across the Organization.

RiskPAC (CPACS) Risk management software designed specifically for conducting comprehensive risk assessment and business impact analysis projects in an efficient and consistent manner. Includes Questionnaire Designer, for development and modification of questionnaires.

RISKMASTER (CSC) CSC's RISKMASTER is a comprehensive browser-based claims and risk management solution that improves efficiency and effectiveness with components that completely automate processing - from risk and claims administration to policy processing and litigation management. RISKMASTER gives self-insured organizations, healthcare providers, public entities, insurance pools, general business and third-party administrators (TPA's) a single system for managing all risk and claims processes, from initial event tracking to online claims administration to reporting for risk analysis. No other vendor offers so many functions on the same platform from the same vendor.

RiskWatch for Financial Institutions (RiskWatch) RiskWatch for Financial Institutions™ conducts an automated risk analysis, measuring compliance against requirements including the Gramm Leach Bliley Act, California SB 1386 (Identify Theft standards), Facilities Access Standards and the FFIEC Standards for Information Systems. Server-based online questionnaires make it easy to generate automatic reports with complete audit trails.
Developed for banks, credit unions, and other financial institutions, such as credit card processors and insurance companies, RiskWatch for Financial Institutions™ improves compliance with existing standards and meets requirements for information systems risk analysis and risk assessment.

RiskWatch for Information Systems & ISO 17799 (RiskWatch) RiskWatch for Information Systems & ISO 17799™ is the industry leading risk analysis software package. RiskWatch conducts automated risk analysis and vulnerability assessments of information systems; including data centers, application programs, facilities, networks, and field offices. Each ISO 17799 standard has been carefully mapped into the RiskWatch program, with each complete control standard identified, numbered and incorporated into the unique RiskWatch automated survey process.
RiskWatch for Information Systems & ISO 17799™ uses data generated by the risk analysis to provide on-line risk management. The results of an analysis are available in a variety of detailed but easy to understand reports, tables, bar and pie charts. RiskWatch is completely customizable by the user, including the ability to create new asset categories, threat categories, vulnerability categories, safeguards, question categories, and question sets. Users can also automatically import questions and data created by other users into their analysis.

RiskWatch for Physical Security & Homeland Security (RiskWatch) RiskWatch for Physical & Homeland Security™ conducts automated risk analysis, physical security reviews, audits and vulnerability assessments of facilities and personnel. Security threats addressed include crimes against property, crime against people, equipment of systems failure, terrorism, natural disasters, and fire & bomb threats. Question sets include entry control, perimeters, fire, facilities management, guards, including a specialized set of questions for the maritime/shipping industry.
New ASP functionality allows the organization to put the entire questionnaire process on their server where users can easily log in by ID number, answer questions appropropriate to their job, and all the answers can be instantly imported into the RiskWatch for Physical & Homeland Security™ program.

SafeSuite Decisions (ISS) A security decision support application that creates an enterprise-wide process of continuous security improvement by easily identifying security "hot spots" in an enterprise network. This complete, global view of enterprise security information consolidates and correlates data from multiple sources to provide information that otherwise would not be available, thereby enabling security staff to make timely and informed security decisions. SAFEsuite Decisions collects and integrates security information derived from network sources including Check Point FireWall-1™, Network Associates' Gauntlet Firewall™, ISS' RealSecure™ intrusion detection and response system, and ISS' Internet Scanner™ and System Scanner™ vulnerability detection systems. SAFEsuite Decisions automatically correlates and analyzes this cross-product data to indicate the security risk profile of the entire enterprise network. For example, vulnerabilities found by Internet Scanner and intrusion events detected by RealSecure will be correlated to provide high value information indicating specific hosts on the network that are both vulnerable to attack and that have been attacked.

HOME	SECURITY PRODUCT LINKS	SECURITY RESOURCES
SECURITY WORKSHOPS	SECURITY ADVISORY LINKS	CONTACT INFORMATION
CONSULTING SERVICES	SECURITY NEWS LINKS	SITE MAP

Product Name	Description
BIA (Strohl Systems)	Helps you ask the right questions, zero in on key audiences, review and analyze data, and prepare management reports, all with the help of our free and unlimited training program and 24-hour support services. With BIA Professional, you can get a complete picture of every area where you are vulnerable, and develop strategies for minimizing your exposure to risks and the possible effects of interruptions. Equally important, you can give management a well-focused, detailed picture of potential financial and operational vulnerabilities, impacts, and recovery issues.
bv-Control for Microsoft Exchange (BindView Development)	An IT risk management solution that effectively pinpoints and identifies risks to the health and integrity of Microsoft Exchange environments. It delivers comprehensive configuration, security, administrative and availability management for Microsoft Exchange through a central Microsoft® Management Console without deploying technology on every machine.
bv-Control for SAP (BindView Development)	Web-based SAP risk management system. bv-Control for SAP systems is a complete, turnkey server that pulls data from critical SAP tables and stores it locally. The data is then delivered and managed with several “modules” that deliver all the functionality today’s organizations need to effectively manage the business process risks that can easily go undetected due to the complexity of systems. By storing and processing the data locally, bv-Control for SAP systems eliminates “analysis paralysis”, requiring no dedicated processing cycles from the SAP system itself. Once the data has been audited and analyzed, transports, or changes, are then pushed back into SAP, allowing security auditors, business personnel and administrators to easily remove risks and perform changes in a timely and cost-effective manner.
COBRA (Risk Associates)	Security risk analysis and BS7799 compliance software.
CounterMeasures - Risk Analysis Software (Alion Science and Technology)	CounterMeasures™ - Risk Analysis Software, from Alion Science and Technology, Inc., evaluated IT or facility risks by determining the level of system or project vulnerability, then calculating loss to assets (risk) based on threat activity. Users complete a survey for each entity included in a risk analysis. Completed surveys are loaded into an analysis module and analyzed by an individual. Downloads available in Word, PowerPoint, and Flash in English; product features and system requirements, and a detailed description of each element of the package available on web site.
Expert (L-3 NetworkSecurity)	A sophisticated network security and risk management tool. Can measure and manage your network security risk and perform a meaningful business impact analysis. Expert identifies the assets and critical business functions most at risk to your company and assesses the potential business impact and financial losses in the event of a network attack or failure. Expert enables you to make intelligent business decisions about your network security posture and protect one of your organization's most vital assets - its information.
HIPAA-Watch for Security (RiskWatch)	HIPAA-WATCH FOR SECURITY™ is the only security risk analysis software that meets the Final Security Rule, by walking the organization through a complete risk analysis. HIPAA-Watch for Security™ includes the actual Control Standards from the Final Security Rule and it easily and accurately measures compliance in both the Required and Addressable areas. HIPAA-Watch for Security™ includes a Project Plan (in MS Project and Excel) so you can plan every aspect of your project. In addition, the free Data Collection Guide gives you easy to collect information from different parts of the organization. The web-based questionnaire makes it easy to find vulnerabilities by surveying different people in your organization. The questionnaire asks simple questions based on the Final Security Rule Control standards and it instantly aggregates all responses. It includes a full audit trail of who answered every question and what their answers were.
LDRPS (Strohl Systems)	Living Disaster Recovery Planning System. Business continuity planning software. With LDRPS, you can create all-encompassing, strategic plans for dealing with business interruptions large or small. You can imagine and deal with such interruptions, long before they happen, and by doing so, minimize their effects upon your business.
LDRPS Web Server (Strohl Systems)	A browser-independent, web-based continuity planning tool. With LDRPS Web Server, business continuity plans are easier than ever before to build, maintain, and print over your intranet or the Internet. Users can access or update plans from work, home, or any location with Internet access to ensure that plans are current and accurate, and that critical information is easily accessible in times of crisis. By eliminating the need for end-user workstation setups and because the module is browser independent, it is as if LDRPS Web Server is already deployed on virtually any computer anywhere, making plan maintenance and execution practically foolproof.
LivingPolicy (Intellitactics)	LivingPolicy™ enables organizations to publish and disseminate their security policies, plus track and report compliance - all on-line, 24x7, through any standard web-browser. World-wide dissemination challenges can be resolved with LivingPolicy’s capability to operate in multiple languages simultaneously. LivingPolicy eliminates paper-based distribution of policies and builds security awareness through interactive access to policies and procedures, notifications of policy changes and additions sent via e-mail, and compliance requests. Executives and managers can view summary charts or detailed reports on an employee, department, or company basis to ascertain compliance levels or take corrective actions. With LivingPolicy, you can publish your policies and ensure their practice!
RecoveryPAC (CPACS)	Combines relational database power, flexibility and ease of use for efficient development, testing and maintenance of business continuity plans. Includes an integrated activity scheduler, Gantt chart utility, Test/Activate module, Import Wizard, multi-user option, report writer, audit trail, integrated Data Collection Utility, multiple database definition and HTML/Adobe PDF publishing.
RecoveryPAC Web (CPACS)	(see RecoveryPAC) Web-based business continuity planning tool. RecoveryPAC Web is not simply a web front-end to a Windows product, but has been designed and written specifically for the web environment using the Java programming language and employing efficiencies such as a "zero-weight" client. The three-tier architecture and cross-platform server support - including support for Windows (NT and 2000), Linux and Solaris (UNIX) - provide security, scalability and flexibility for the deployment of your business continuity plans. Transforms business continuity planning into a straightforward process for experts and novices alike.
Regulatory Controls Compliance System (Preventsys)	The Regulatory Controls Compliance system is the only automated solution available today that enables organizations to directly translate their own paper-based regulatory controls into auditable rules to measure IT security risk and automate compliance reporting across the IT infrastructure. Enterprise risk and exposure and the state of regulatory compliance with Sarbanes-Oxley, HIPAA, GLBA, NERC and FISMA are visually displayed in a centralized compliance dashboard.
RiskComp (RiskComp)	The RiskComp Managed Service is the provision of a fully managed, standards based, web server infrastructure upon which the RiskComp application is implemented. The purpose of the Managed Service is to enable Organizations to introduce a risk and compliance management programme, without the need to implement and support their own infrastructure and software, and to make the programme accessible to all relevant personnel across the Organization.
RiskPAC (CPACS)	Risk management software designed specifically for conducting comprehensive risk assessment and business impact analysis projects in an efficient and consistent manner. Includes Questionnaire Designer, for development and modification of questionnaires.
RISKMASTER (CSC)	CSC's RISKMASTER is a comprehensive browser-based claims and risk management solution that improves efficiency and effectiveness with components that completely automate processing - from risk and claims administration to policy processing and litigation management. RISKMASTER gives self-insured organizations, healthcare providers, public entities, insurance pools, general business and third-party administrators (TPA's) a single system for managing all risk and claims processes, from initial event tracking to online claims administration to reporting for risk analysis. No other vendor offers so many functions on the same platform from the same vendor.
RiskWatch for Financial Institutions (RiskWatch)	RiskWatch for Financial Institutions™ conducts an automated risk analysis, measuring compliance against requirements including the Gramm Leach Bliley Act, California SB 1386 (Identify Theft standards), Facilities Access Standards and the FFIEC Standards for Information Systems. Server-based online questionnaires make it easy to generate automatic reports with complete audit trails. Developed for banks, credit unions, and other financial institutions, such as credit card processors and insurance companies, RiskWatch for Financial Institutions™ improves compliance with existing standards and meets requirements for information systems risk analysis and risk assessment.
RiskWatch for Information Systems & ISO 17799 (RiskWatch)	RiskWatch for Information Systems & ISO 17799™ is the industry leading risk analysis software package. RiskWatch conducts automated risk analysis and vulnerability assessments of information systems; including data centers, application programs, facilities, networks, and field offices. Each ISO 17799 standard has been carefully mapped into the RiskWatch program, with each complete control standard identified, numbered and incorporated into the unique RiskWatch automated survey process. RiskWatch for Information Systems & ISO 17799™ uses data generated by the risk analysis to provide on-line risk management. The results of an analysis are available in a variety of detailed but easy to understand reports, tables, bar and pie charts. RiskWatch is completely customizable by the user, including the ability to create new asset categories, threat categories, vulnerability categories, safeguards, question categories, and question sets. Users can also automatically import questions and data created by other users into their analysis.
RiskWatch for Physical Security & Homeland Security (RiskWatch)	RiskWatch for Physical & Homeland Security™ conducts automated risk analysis, physical security reviews, audits and vulnerability assessments of facilities and personnel. Security threats addressed include crimes against property, crime against people, equipment of systems failure, terrorism, natural disasters, and fire & bomb threats. Question sets include entry control, perimeters, fire, facilities management, guards, including a specialized set of questions for the maritime/shipping industry. New ASP functionality allows the organization to put the entire questionnaire process on their server where users can easily log in by ID number, answer questions appropropriate to their job, and all the answers can be instantly imported into the RiskWatch for Physical & Homeland Security™ program.
SafeSuite Decisions (ISS)	A security decision support application that creates an enterprise-wide process of continuous security improvement by easily identifying security "hot spots" in an enterprise network. This complete, global view of enterprise security information consolidates and correlates data from multiple sources to provide information that otherwise would not be available, thereby enabling security staff to make timely and informed security decisions. SAFEsuite Decisions collects and integrates security information derived from network sources including Check Point FireWall-1™, Network Associates' Gauntlet Firewall™, ISS' RealSecure™ intrusion detection and response system, and ISS' Internet Scanner™ and System Scanner™ vulnerability detection systems. SAFEsuite Decisions automatically correlates and analyzes this cross-product data to indicate the security risk profile of the entire enterprise network. For example, vulnerabilities found by Internet Scanner and intrusion events detected by RealSecure will be correlated to provide high value information indicating specific hosts on the network that are both vulnerable to attack and that have been attacked.