Abriska 27001


What is the Purpose of Abriska 27001?

Abriska 27001 was designed to address one of the fundamental requirements of ISO 27001: the need for robust and repeatable risk assessments. Underpinning Abriska 27001 is a proven, best-practice risk assessment methodology which has been validated in over 200 ISO 27001 certification projects. All of the mandatory outputs required by the ISO 27001 Standard, including a Statement of Applicability (SOA), risk score matrix, risk treatment plan and risk register, are produced by Abriska. A key feature of the tool is that it facilitates the shared ownership of information risk across your organisation by enabling the easy distribution of risk and control assessment, whilst retaining centralised control, configuration and reporting.

What Type and Size of Organization is Abriska 27001 Particularly Suited to?

Abriska 27001 is the perfect web-based tool for any organisation looking to comply with or certify to ISO 27001, or for those simply looking to ensure their organisation adopts a consistent and robust approach to assessing, prioritising and managing key information risks. It is ideally suited to small and medium-sized organisations, particularly those looking to share the ownership of risk across a range of divisions or departments. It also suits larger organisations that are looking for a specialist information security module providing the granularity they seek, which then feeds into their enterprise risk management software.

What are its Key Features?

  • Simplifies, through automation, the ISO 27001 risk assessment process
  • Proven, best practice risk assessment methodology aligned with ISO 31000 and ISO 27005
  • Preconfigured with linked asset types, threats and controls with input from URM’s senior information security consultants
  • Data flow mapping between assets and supporting assets
  • Facilitates devolution of risk ownership across organisation
  • Produces all mandatory ISO 27001 outputs, including Statement of Applicability (SOA), risk score matrix, risk treatment plan and risk register
  • Comprehensive reporting (including risk trends) and notification/reminder features
  • Easy to use and intuitive interface
  • Responsive UK-based support team

What are its Principal Benefits?

  • Proven and trustworthy – Abriska 27001 is underpinned by a risk assessment methodology that is aligned with ISO 27005 and has been validated by numerous certification bodies in over 200 certification projects.
  • Cost and time saving – When compared to a manual spreadsheet, clients have estimated that time savings in conducting risk assessments with Abriska can be as great as 90%. Set-up times are greatly eased by Abriska’s pre-configured mappings.
  • Shared workload – Abriska is a web-based product which allows for the easy distribution of risk and control assessment, whilst retaining centralised control, configuration and reporting.
  • Consistency and repeatability – Abriska is ideally suited to meeting one of the absolute fundamental requirements of ISO 27001: the need for robust and repeatable risk assessments.
  • Flexibility – Abriska also allows for varying control implementation across different sites or divisions, with considerable scope for customisation and the addition of other threats and controls, e.g. PCI DSS.

How Does it Work?

Abriska 27001 adopts a 4-step approach to managing risks:

  • Identifying information assets within scope and determining the potential impact to the organisation resulting from a loss in terms of confidentiality, integrity and availability to each asset
  • Assessing risk by determining likelihood and impact of threats occurring and mapping against appropriate controls
  • Assessing the maturity of applicable information security controls (all 114 controls from Annex A of ISO 27001 are preloaded, but others can be added) against a consistent, tailored scale to demonstrate current risk and treated risk if improvements are made
  • Having determined information security risks, these can be reported in a number of ways including showing how risks have changed over time. Abriska automatically produces all the mandatory output requirements from ISO 27001, i.e. statement of applicability, risk score matrix, risk treatment plan and risk register.
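As an added illustration of the four steps above (example code written for this page, not Abriska's own), a small Python model that scores current and treated risk for each asset/threat pair, builds a risk register against a risk appetite, and derives a Statement of Applicability from the threat-to-control mapping. The 1-5 scales, the scoring formula (impact = highest of C/I/A, risk = likelihood x impact, control maturity lowering likelihood), the Annex A identifiers used and the sample data are all assumptions; the page does not describe Abriska's actual scoring.

```python
# Added example, not Abriska's code. Assumed scoring: 1-5 scales, impact = max(C, I, A),
# risk = likelihood x impact, average maturity (0-5) of mapped controls lowers likelihood.
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    c: int  # confidentiality impact rating, 1-5
    i: int  # integrity impact rating, 1-5
    a: int  # availability impact rating, 1-5

    @property
    def impact(self):
        # Step 1: loss of the asset's most sensitive property drives the impact
        return max(self.c, self.i, self.a)

@dataclass
class Threat:
    name: str
    likelihood: int  # Step 2: raw likelihood (1-5) with no controls in place
    controls: tuple  # Annex A control identifiers mapped to this threat

def effective_likelihood(threat, maturity):
    """Step 3: subtract the mapped controls' average maturity; residual risk never reaches 0."""
    avg = sum(maturity.get(c, 0) for c in threat.controls) / (len(threat.controls) or 1)
    return max(1, round(threat.likelihood - avg))

def risk_register(assets, threats, current, treated, appetite):
    """Step 4: one row per asset/threat pair with current and treated risk,
    flagged for treatment when current risk exceeds the risk appetite."""
    rows = []
    for asset in assets:
        for threat in threats:
            cur = effective_likelihood(threat, current) * asset.impact
            trt = effective_likelihood(threat, treated) * asset.impact
            rows.append({"asset": asset.name, "threat": threat.name, "current": cur,
                         "treated": trt, "treat": cur > appetite})
    return rows

def statement_of_applicability(threats, annex_a):
    """SOA: a control is applicable if at least one assessed threat maps to it."""
    mapped = {c for t in threats for c in t.controls}
    return {c: c in mapped for c in annex_a}

# Constructed sample data (illustrative ISO 27001:2013 Annex A identifiers, not from the page)
ASSETS = [Asset("HR database", c=5, i=4, a=3), Asset("Public website", c=1, i=3, a=4)]
THREATS = [Threat("Unauthorised access", 4, ("A.9.2.1", "A.9.4.2")), Threat("Malware", 3, ("A.12.2.1",))]
CURRENT = {"A.9.2.1": 1, "A.9.4.2": 1, "A.12.2.1": 1}  # control maturity today
TREATED = {"A.9.2.1": 3, "A.9.4.2": 3, "A.12.2.1": 4}  # maturity after the treatment plan
```

Running `risk_register(ASSETS, THREATS, CURRENT, TREATED, appetite=8)` gives the register rows, and comparing the `current` and `treated` columns over successive assessments is the "risk over time" view the fourth step refers to.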

What is Information Security Risk Management?

Information security risk management is the process of identifying, analysing, evaluating, and treating risks associated with the loss of confidentiality, integrity and availability of the organisation’s information assets.

What are the Risk Management Requirements of ISO 27001?

ISO/IEC 27001:2013 (ISO 27001) is the leading international information security management system standard, and one of its key features is that it is risk-based. The implementation of controls (technical measures, policies, processes etc.) is not prescriptive but is determined by an information risk assessment, taking into account the organisation’s risk appetite and the information it is seeking to protect. ISO 27001 clearly states in Clause 6.1 what actions it expects an organisation to take in addressing risks. These actions include defining and applying processes for both assessing and treating information security risks. Further requirements around the operation of risk assessment and treatment are also specified in Clauses 8.2 and 8.3.

What is Information Security Risk Management Software?

Information risk management software supports organisations by automating some of the processes involved and helping to identify, analyse and evaluate risks to an organisation’s information assets in a uniform, predetermined approach. The end result is that the process for assessing and managing all information risks is identical and risks can be treated based on the organisation’s risk appetite.


About URM

URM is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information security, data protection, business continuity and risk management.
