Risk assessment

Description of the “Risk Assessment” software

The INFO.RM web software tool has been designed for the implementation of risk assessment in compliance with the ISO/IEC 27001:2005 standard specifications.

The web software tool defines the risk assessment methodology suitable for the information security management system of your company.

The INFO.RM web software tool enables you to carry out all risk analysis phases in compliance with the ISO/IEC 27001:2005 standard specifications.

The INFO.RM web software tool provides support at carrying out a risk analysis as well as at defining and monitoring the respective reduction measures. The following risk analysis phases are available:

  • Process definition
  • Preparation of an asset inventory
  • Classification of assets
  • Determination of threats and implementation of the risk assessment
  • Determination of the risk management mode
  • Selection of risk management controls
  • Risk management planning
  • Preparation of the service-oriented architecture (SOA)

A survey of other main features

Management of several different risk analyses

  • We can edit the existing risk analyses, make a copy of the selected analysis or create a new risk analysis.

Completion of an analysis and proceeding with a new version

  • The risk analysis is performed for specified period of time. Thereafter it is concluded and a new version of risk analysis may be started.

Risk assessment methodology

  • The risk value applicable to individual Asset/Threat combination is calculated by application of a corresponding matrix.


  • The program provides for a survey by groups of assets as well as for a survey of all assets.

Comprehensive set of threats

  • The program already includes a comprehensive and structured set of threats.

Set of controls

  • The program includes a set of controls prescribed by the ISO/IEC 27001 standard, Appendix A.


  • Various outputs are available.

Data import

  • Assets may be imported into the program from the csv file.

Data export

  • The data on the risk analysis may be exported into the csv file and subsequently arranged into different tables.