Key Features
Exceed.Risk has many Key Features that could be used to facilitate the manual hassle of the risk assessment process, below are the major Key Features:
Faster
Automating and delivering information security risk management quickly and easily.
Easy
Ease of changing tool configuration based on each organization IT Risk Methodology.
Multi Standards
Fully compliant with ISO 27001:2013, 27005:2011, and 31000:2009.
Risk Library
Built-in database of threats & vulnerabilities.
Powerful
Delivering a high level of reliability and consistency that spreadsheets cannot deliver.
Multi Scopes
Allow users to have several scopes.
Asset Evaluation
Conducts Business Impact Analysis (BIA).
Automated Calculation
Developing Mitigation Plans and Calculating Risk values.
Major Functions
Dashboard
The screen shows the overall risk standing of the organization through several views as shown in the screen below.
dashboard will not appear unless the risk assessment has been completed.
Scopes
Manage scopes screen is used to define scopes, edit scope information, assign assets groups and to edit assets information. User can define multiple scopes with multiple asset groups.
After defining the scope, the user can upload assets using a predefined asset excel file.
Manage BIA
Asset valuation is done by answering all CIA question for each asset, the tool will calculate the BIA value accordingly. After Asset valuation assets is moved to BIA list tab where user can review and verify asset valuation.
After evaluation, assets must be locked to be moved into BIA history, where users can also update BIA as well.
Gap Analysis
The user is allowed to choose if the control is applicable. If the user chooses the not applicable option this control will not be used in the risk assessment nor the calculation of risk. The tool will calculate the maturity level for each control according to the CMMI model used be the tool.
The tool allows the user to upload an attachment for the evidence of the implemented control.
Threats and vulnerabilities
Asset valuation is done by answering Each asset group is associated by default with a set of pre-defined threats. Users are allowed to add a new threat, edit or delete an existing threat User can assign vulnerabilities to each threat, define controls to each threat and edit or delete any vulnerability defined to each threat .
After answering the question for the impact and probability question the tool will calculate the threat value automatically.
Contact us
Do you have any questions? Please do not hesitate to contact us directly. Our team will come back to you within a matter of hours to help you.