risktool.txt

Posted Aug 17, 1999

Description of automated Risk Management Packages that NIST/NCSC Risk Management Laboratory have examined - 1991-03-26

tags | paper
SHA-256 | a902ee5a8ffe823b236ff3aace45caa1eca6d5c87ba8886feaebc092775e23d9

DESCRIPTION OF AUTOMATED RISK MANAGEMENT PACKAGES THAT NIST/NCSC RISK
MANAGEMENT RESEARCH LABORATORY HAVE EXAMINED
Updated March 1991


@RISK

Methodology. Quantitative. @RISK is a 123/Symphony/Excel add-in for
risk analysis using Monte Carlo simulation. Probability distributions
are added to cells using 30 new built-in probability distribution
functions. A Lotus or Excel style menu allows users to choose Monte
Carlo or Latin Hypercube sampling, select output ranges, and start
simulating. Results are displayed graphically and statistics are
calculated and displayed in a report format.

Hardware Requirements.

@RISK for 1-2-3 and Symphony:
- IBM PC or compatible.
- 512K memory.
- Graphics adapter.
- Hard disk suggested.

@RISK for Excel PC:
- IBM PC or compatible.
- 2M installed memory.
- Graphics adapter.
- Hard disk required.

Operating System.

@RISK for 1-2-3 and Symphony:
- MS-DOS Version
- Lotus 1-2-3 Ver. 2.X
- Lotus Symphony Ver. 2.0 or higher

@RISK for Excel PC:
- Excel Ver. 2.1 or higher*
- Windows 3.

User Interface.

- Menu Driven.

Documentation and Training.

- User manual including sample spreadsheet and tutorial.
- Hot line support.
- 3-4 seminars annually are given on @RISK and risk analysis.

Developer/Vendor. Palisade Corporation, Newfield, NY 14867
1-800-432-RISK

Remarks.
- Version for Mac Excel available mid-year '91.
- Version for Lotus 1-2-3 Ver. 3.1 available mid-year '91.
- * Version 3.0 for Excel PC strongly recommended.

ALRAM (Automated Livermore Risk Analysis Methodology)

Methodology. Quantitative. A government-developed system, this
methodology is structured to allow screening of asset/threat-event
combinations so that only high impact risks are reviewed. The
methodology focuses attention on the effectiveness of proposed
security controls as well as those already in place. ALRAM is divided
into three major phases to include project planning, risk analysis,
and decision support. The initial phase defines the scope of the
analysis and identifies needed resources and personnel. The second
phase collects and analyzes the data collected from phase 1. In this
second phase, risk elements are identified by establishing
corresponding threats, control and asset components, the results of
which are provided as input for the final decision support phase. The
final phase presents cost-benefit estimates for each proposed
safeguard along with a prioritization and selection scheme.

Hardware Requirements.

- IBM PC/AT, 286, 386 or compatible.
- 640K memory.
- One 3.5 diskette drive and 10M free space fixed drive.
- Graphics card (EGA, VGA, or Super-VGA).

Operating System.

- MS-DOS Version 3.1 or later.

User Interface.

- Menu-driven.
- On-line Help facility.
- Graphics.

Documentation and Training.

- User manual.
- Training available on request.

Developer/Vendor. Methodology developed by Lawrence Livermore
National Laboratory, Livermore, CA. Commercialization (distribution,
support, maintenance, and training) is handled by Expert-EASE Systems,
Inc., Belmont, CA (415) 593-3200.

Remarks.

ARES (Automated Risk Evaluation System) Version 1.1

Methodology. Quantitative. ARES uses a rule-based inference engine
and a menu-driven checklist system to perform a risk analysis in
support of a required accreditation. Instead of a "number-based"
program, ARES collects data on the user (location, phone number,
address, etc.) with fill-in-the-blank screens. Information pertaining
to the computer system's security and operating environments, along
with a wide range of other data, is gathered by checklists. The data
collected includes the highest classification of the data on the
system; the clearance level of the system's user; the computer system's
level of trust; and topics as diverse as housekeeping practices,
password management, magnetic remanence, and others. When producing
the final or interim reports, ARES compares the gathered checklist
responses against the rule base. The resultant report consists of
cover sheet, approval letters, and a listing of potential risks to the
system with a documentation reference for each. The report gives the
end-level computer security manager the option to accept or fix each
of the potential risks as part of the accreditation process. The
report is written to an ASCII text file, allowing the manager to
tailor the final product to local procedures.

Hardware Requirements.

- IBM PC/AT or compatible minimum.
- 640K RAM
- 2 360K diskette drive or 360K diskette drive and hard drive (hard
drive preferable).

Operating System.

- MS-DOS Version 3.x.

User Interface.

- Menu-driven.
- Checklist.
- Context-sensitive help.

Documentation and Training.

- User's manual, training manual, tutorial.

Developer/Vendor. Developed under contract for the Air Force
Cryptologic Support Center, AFCSC/SR, San Antonio, TX 78243-5000
(512) 977-3156.

Remarks. ARES v1.1 is a fully-functional risk management tool. The
next version is scheduled for release Spring/Summer 1991. It will be
a complete rewrite of ARES v1.1, including a drawing package for the
user's environment, a relational database linked to the graphics
package, enhanced data collection tools, "Hypertext"-style help and
online documentation, and other functions in support of the Air Force
Communications-Computer Systems Security Vulnerability Reporting
Program (CVRP).

BDSS (Bayesian Decision Support System)

Methodology. Quantitative/Qualitative. BDSS is programmed to gather
tangible and intangible asset valuation data and to ask questions that
assess potential risks using quantitative data bases provided by the
vendor. The user can include site-specific threat experiences which
the algorithms will process along with the quantitative knowledge
base. Threats, vulnerabilities, asset categories, and selected
safeguards are automatically mapped and cross-mapped to each other.
This system ranks threats before and after the implementation of
safeguards so that the representation of comparable exposure to loss
may be examined. The analysis results are typically displayed
graphically with risk curves based on dollar loss values and
probability of loss coordinates. The central algorithms of BDSS are
based on Bayes' Theorem addressing uncertainty and statistical
methods. BDSS software produces a variety of printed reports as well
as ASCII files that may be exported to the user's word processor.
There is flexibility in how BDSS is used; for example, the
vulnerability analysis feature of the BDSS application provides a
stand-alone qualitative presentation of safeguard system weaknesses.

Hardware Requirements.

- IBM PC/AT or compatible.
- 640K memory.
- 20M fixed drive and one high density (5 1/4 or 3 1/2) disk drive.
- Graphics card (CGA/EGA/VGA)

Operating System.

- MS-DOS Version 3.0 or later.

User Interface.

- Natural language interface.
- Menu driven.
- User manual maps structurally with software.
- Hotline support.

Documentation and Training.

- User manual.
- Training is not included with purchase but may be provided upon
request.
- Case study provided.

Developer/Vendor. Ozier, Perry & Associates developed BDSS in a joint
venture with Pickard, Lowe and Garrick, Inc. of Newport Beach, CA and
Washington, DC. Ozier, Perry & Associates, San Francisco, CA; (415)
989-9092. BDSS is marketed on the east coast by A-SYS-T Inc., West
Chester, PA (215) 692-1027.

Remarks. Current release 1.4. Enhancements typically released
quarterly to semi-annually.

BUDDY SYSTEM

Methodology. Qualitative. The Buddy System is an automated risk
analysis methodology for microcomputer environments and comprises two
components: (1) countermeasures survey and (2) security analysis and
management (SAM). This software package assesses the level of
vulnerability based on safeguards already in place. The level of
information being processed on the system determines whether or not
the assessed level of vulnerability is acceptable. Recommendations
for corrective action are provided for each vulnerability that falls
outside of the acceptable range through the use of on-line "what if"
scenarios. A data base containing over 100 safeguards is included in
this software package. Further, the Risk Management component of the
system allows the analyst to track recommended corrective action
implementations for reports and/or follow-up procedures.

Hardware Requirements.

- IBM PC or compatible.
- 256K memory.
- 10M fixed drive and one 360K diskette drive.

Operating System.

- MS-DOS Version 2.0 or later.

User Interface.

- On-line HELP facility.

Documentation and Training.

- User manual.
- One-day on-site training course.
- Training component built into the software to increase security
awareness.

Developer/Vendor. Countermeasures, Inc., Hollywood, MD;
(301) 373-5166.

Remarks. Optional Maintenance Utility allows the user to customize the
software. Report and screen formats can be edited with standard DOS
editor.

Control Matrix (CONTMAT)

Methodology. Matrix approach. This methodology enables the
evaluation of application controls, control objectives, and risks
using a matrix approach. The matrix provides a summary of the
application's security/control environment. This permits the user and
the security review team to quickly view where added safeguards are
needed. A data base of controls techniques which may be implemented
to safeguard risk areas is included.

Hardware Requirements.

- IBM PC or compatible.
- Two diskette drives or one diskette drive and a fixed drive.

Operating System.

- MS-DOS Version 2.0 or later.

User Interface.

- Menu-driven.
- Online HELP facility.
- User updated control data base.

Documentation and Training.

- User Manual.
- Training is not offered with the purchase.

Developer/Vendor. Small Business Administration, (202) 205-7173
(government); Nander Brown & Co., Reston, VA (703) 689-4580
(non-government).

Remarks. Government agencies may obtain copies of this software at no
cost.

CONTROL-IT

Methodology. Qualitative. Control spreadsheet approach. This
software provides a control spreadsheet approach for designing
controls into micro-computer system environments. It identifies which
controls are necessary to ensure adequate security in business or
scientific systems. The software package contains four separate
systems:

- Package 1 (Designing Controls into Computerized Systems) is an
educational tool that teaches the user how to design and develop a
control matrix.
- Package 2 (Risk Ranking the Matrix) teaches the use of Delphi and
Comparison Risk Ranking techniques to rank threats and their controls.
- Package 3 (Automated PC-Based Control Matrix Design) is a control
matrix development package that contains a database of controls plus
separate databases of threats and computer system components. This
package allows one to draw a draft matrix, search the controls
database and move relevant controls to a matrix controls list.
- Package 4 (Show Text Presentation Graphics) is used to draw the
final matrix, resequencing threats, components, and controls.

Hardware Requirements.

- IBM PC or compatible or IBM Personal System/2.
- 384K memory.
- Two diskette drives or 10M fixed disk.
- Graphics capability.

Operating System.

- MS-DOS Version 2.0 or later.

User Interface.

- A demo diskette provides a ten minute introduction to the
matrix concept of designing controls into computerized systems.

Documentation and Training.

- Two training packages (Packages 1 and 2).
- User manual.
- Automated course.
- One or two day on-site training upon request.

Developer/Vendor. Jerry Fitzgerald & Associates, Redwood City, CA;
(415) 591-5676

Remarks.

CRAMM (CCTA Risk Analysis and Management Methodology)

Methodology. Qualitative. CRAMM is a formalized security risk
analysis and management methodology developed by the British
government and BIS Applied Systems Limited. CRAMM is composed of
three stages each supported by questionnaires and guidelines. Stage 1
performs a valuation of the assets of the system or network under
review. Qualitative values are determined for the data assets on a
scale of 1 to 10, for the potential impacts of disclosure,
modification, unavailability, and destruction. The physical assets are
first valued on the basis of replacement or reconstruction costs which
are converted to a scale of 1 to 10. Where asset values are low (3 or
below) the system under review is likely only to require a baseline
level of protection and the review moves to Stage 3. Stage 2 assesses
the threats and vulnerabilities of each asset group and ranks the
threat/vulnerability pair on a scale of 1 to 5, where 5 reflects a
worst-case scenario. Stage 3 is concerned with safeguard selection
referring to a `library' of over 900. To aid management in deciding
upon the most appropriate safeguard, CRAMM provides a facility to
explore options. A range of management reports are available.
The CRAMM software also provides a password system to reduce the
risk of unauthorized access to the data that is being analyzed.
Sensitivity markings are provided on all screens and hardcopy output.

Hardware Requirements.

- IBM PC or compatible.
- 640K memory.
- 10M fixed drive.

Operating System.

- MS-DOS 2.1 or later.

User Interface.

- Menu-driven.
- On-line HELP facility.

Documentation and Training.

- User manual.
- Management guide.
- Training available upon request.

Developer/Vendor. BIS Applied Systems Limited, London SE1 9PN,
England; telephone 011-44-1-633-0866. US vendor - Executive Resources
Association, Arlington, VA (703) 920-5200.

Remarks. CRAMM is available in the USA by licence agreement with the
UK Central Computer Telecommunications Agency.

CRITI-CALC

Methodology. Quantitative/Qualitative. This product uses the concept
of annualized loss expectancy (ALE) to quantify the criticality of
risk exposure for applications. The software collects information
about each application's loss potential, optimum off-site recovery,
cost of backup, and cost to recover. It uses this information to
calculate each application's annualized risk potential. The
criticality of each application is determined by the potential for
loss caused by a processing interruption and a profile of up to 14
delay factors. The user interacts with the system by means of screens
which display information about the risk exposure. Once the user has
reviewed the initial results, "what if" analysis may be performed by
modifying the input data as a way of verifying the effectiveness of
certain safeguards. The information contained in the output reports
may be used to optimize contingency plans. The ALE, as a function of
maximum outage duration, is compared with the corresponding cost of
backup data to identify automatically the optimum off-site recovery
site.

Hardware Requirements.

- IBM PC/XT or compatible.
- 640K memory.
- 360K diskette drive.
- Fixed drive not necessary but convenient.

Operating System.

- MS-DOS Version 2.11 or later.

User Interface.

- Menu-driven.
- Help screen.

Documentation and Training.

- User manual with sample databases and detailed tutorial.
- On-site training.

Developer/Vendor. International Security Technology, NYC, Bob
Jacobson, (212) 288-3101.

Remarks.

GRA/SYS

Methodology. Qualitative. GRA/SYS is a tool designed to assist
internal auditors and security personnel in developing a work
prioritization plan for reviewing organizational risks. Specifically,
the software prepares an applications and computer activity inventory
and determines the number of risks for several major control areas. A
risk score that reflects the measure of risk to the organization is
calculated and prioritized in descending order on a scale of 1 to 9,
with 9 representing a worst-case situation. An additional report that
reflects the number of times each risk occurs is also prepared. Using
the output reports from this software package, the user is able to
identify those risks where more effective safeguards are needed.

Hardware Requirements.

- IBM PC or compatible.
- 64K memory.
- One diskette drive.

Operating System.

- MS-DOS Version 2.0 or later.

User Interface.

- Menu-driven.

Documentation and Training.

- User manual.
- Training is not offered with the purchase.

Developer/Vendor. Small Business Administration, (202) 205-7173
(government); Nander Brown & Co., Reston, VA (703) 689-4580
(non-government).

Remarks. Government organizations may obtain this software at no cost.

IST/RAMP
(International Security Technology/Risk Analysis Management Program)

Methodology. Quantitative. IST/RAMP is a mainframe-resident risk
analysis program with an input module that is PC-resident. The
software calculates the annualized loss expectancy as well as the
single occurrence loss. The system can also provide a qualitative
analysis. IST/RAMP generates data collection forms to assist the risk
analyst in organizing and controlling data collection. Five loss
categories are addressed: service interruptions; physical loss and
damage; fraud; unauthorized disclosure; and physical theft. A library
of data bases enables the analyst to maintain an audit trail of input
data changes. A 'what-if' capability enables the analyst to select
the most cost-effective security measures.
RAMP<->LINK is a PC-resident, menu-driven data entry system which
uses risk information entered by the analyst to build a DOS file that
can be uploaded to IST/RAMP for processing.

Hardware Requirements.

- IBM Mainframe for IST/RAMP--30xx with MVS.
- Interactive under TSO and Roscoe.
- IBM PC/XT or compatible for RAMP<->Link.
- 512K memory.
- Two diskette drives or one diskette and fixed disk drives.

Operating System.

- MS DOS Version 2.1 or later.

User Interface.

- Menu-driven.

Documentation and Training.

- Training manual with sample data bases and detailed tutorial.
- User manual.
- Three-day on-site training.
- Pocket reference.

Developer/Vendor. International Security Technology, NYC, Bob
Jacobson, (212) 288-3101

Remarks. RAMP<->LINK makes it unnecessary for the analyst to be
familiar with the details of IST/RAMP data entry formats. The analyst
enters the data off-line and logs onto a mainframe where IST/RAMP is
resident using any communications software package that has a "file
send" command.

JANBER

Methodology. Qualitative. Janber initiates a yes/no questionnaire
and checklist for collecting information about existing security
controls. The software weights in-place safeguards and measures them
against the classification level of data being processed on the
system. These data classification levels go from highly sensitive but
unclassified information to highly classified data. The analysis
provides a linguistic characterization of the level of vulnerability
from 2 to 28, with 28 representing a worst-case scenario.
Vulnerabilities, safeguards and their weights can be preestablished by
the vendor to meet the organization's requirements. Safeguards that
are required, but not implemented, are flagged in a report and
recommended as meeting organizational guidelines and directives
provided. Users have the capability of performing "what-if" scenarios
to evaluate the effectiveness of certain safeguards.
The Janber application allows users to define standard entries
for specific data fields. The results of the data collection and
analysis are maintained on separate data bases. The developer
recommends that the analysis and the data collection be performed by
different personnel to assure the integrity of the results. The
developer further recommends that the analysis be performed by
computer security professionals to achieve optimum results. The
software provides a facility to track action items resulting from the
evaluation.
Janber creates a database of information on all systems surveyed
and provides a data base query capability for contingency planning and
recovery operations.

Hardware Requirements.

- IBM PC or compatible.
- 10M fixed drive and one diskette drive.

Operating system.

- MS-DOS Version 2.0 or higher.

User Interface.

- Menu-driven.
- On-line help facility.

Documentation and Training.

- User manual.
- Training provided upon request.

Developer/Vendor. Eagan, McAllister Associates, Inc., Lexington Park,
MD; (301) 863-2192.

Remarks.

LAVA (Los Alamos Vulnerability and Risk Assessment)

Methodology. Qualitative/Quantitative. LAVA administers
questionnaires which result in the identification of missing
safeguards in 34 areas ranging from password management to personnel
security and internal audit practices. The software evaluates
potential consequences and impact upon the organization and the
ultimate loss exposure (risks). LAVA considers three kinds of
threats: natural and environmental hazards, accidental and intentional
on-site human threats (including the authorized insider), and off-
site human threats. Detailed LAVA reports provide qualitative and
quantitative results of the risks identified.

Hardware Requirements.

- IBM PC/XT or compatible.
- 512K memory.
- 360K and 720K diskette drives; or 1.2M fixed drive and one 360K
diskette drive.

Operating System.

- MS-DOS Version 2.0 or later.

User Interface.

- Interactive questionnaires.

Documentation and Training.

- User manual.
- On-site training.
- Demonstration diskette.

Developer/Vendor. Suzanne Smith, Los Alamos National Laboratory, Los
Alamos, NM; (505) 667-7777.

Remarks. The LAVA methodology stresses a team approach for conducting
the risk assessment. The team should be composed of people with a
broad spectrum of backgrounds and expertise to ensure a thorough
assessment. It is recommended that a consensus among the group be
reached before entering an answer to any of the questions and, in some
cases, this may be the most difficult part of administering this risk
management software.

MARION

Methodology. Qualitative/Quantitative. MARION assesses business risks
associated with information systems drawing on a large database of
actual incidents. The software incorporates a questionnaire to
evaluate the level of security that is currently being applied within
the organization. Each question is allocated a weighting which
reflects the relative importance according to the analysis of the
underlying database of events. A score is allocated for each question
and the responses and the scores are stored. The software calculates
the overall score for each of 27 categories of security and presents
the results graphically and in printed form. Once the current
security profile has been determined, the software will compare each
category with industry norms which are derived from the database.
The software uses the information on costs also held in the database
to calculate an estimated expenditure in relation to the total
security budget. The calculated costs are analyzed according to the
nature of the security category and presented graphically in detailed
tables. A "what-if" capability allows one to use different budgets to
determine the effects on the security profile. The effects of the
proposed measures can also be displayed.

Hardware Requirements.

- IBM PC or compatible.
- 512K memory.
- Graphics capability.

Operating System.

- MS DOS 2.0 or later.

User Interface.

- Menu-driven.

Documentation and Training.

- User Manual.

Developer/Vendor. Coopers & Lybrand (United Kingdom firm), Plumtree
Court, London EC4A 4HT, telephone 01-822-4678.

Remarks. MARION is a methodology developed in France. Coopers &
Lybrand are the agents for the package in the UK. They have worked
with a French software house PSI to produce an English version of the
package and supporting reference material.

MicroSecure Self Assessment

Methodology. Qualitative. An automated software tool that will allow
PC users to conduct a security self-assessment. The software analyzes
the PC environment, determines the vulnerabilities, and recommends
security controls. Those safeguards recommended are designed to
increase security and reduce exposures in six areas to include system
integrity, data security, credibility, data integrity, backup and
disaster recovery, and confidentiality and privacy. The software may
be customized to meet site-specific requirements.

Hardware Requirements.

- IBM PC or compatible.
- 256K memory.
- One diskette drive.

Operating System.

- MS-DOS 2.0 or later.

User Interface.

- Menu-driven.

Documentation and Training.

- User Guide.
- On-line tutorial.

Developer/Vendor. Boden Associates, East Williston, NY;
(516) 294-2648.

Remarks. An optional question quiz is provided at the end of each
chapter of the training course. Recommendations for corrective action
can be printed directly to the printer or written to an ASCII text
file for editing.

MINIRISK

Methodology. Qualitative. MINIRISK is a tool designed to assess
computer security vulnerabilities in a microcomputer environment. A
vulnerability assessment questionnaire allows the organization to
evaluate the adequacy and completeness of individual safeguard areas
and to reevaluate these same areas after missing safeguards have been
implemented. During the process of answering the MINIRISK
questionnaire, the user identifies missing safeguards in 10 to 50
vulnerability categories ranging from password management to
contingency planning and internal audit controls. Safeguards and
controls considered mandatory by the organization are designated
for each category that is to be reviewed. The absence of certain
safeguards determines the level of vulnerability on a scale of zero to
9, with zero being the best case and 9 the worst. MINIRISK
establishes a threshold by which to evaluate vulnerabilities that
exceed an acceptable risk level.

Hardware Requirements.

- IBM PC or compatible.
- 64K memory.
- One diskette drive.

Operating System.

- MS-DOS Version 2.0 or later.

User Interface.

- Menu-driven.
- Online HELP facility.
- User defined questionnaire.

Documentation and Training.

- User manual.
- Training is not offered with the purchase.

Developer/Vendor. Small Business Administration, (202) 205-7173
(government); Nander Brown & Co., Reston, VA (703) 689-4580
(non-government).

Remarks. Government agencies may obtain copies of this software at no
cost.

PRISM Risk Analysis and Simulation for the PC

Methodology. Quantitative. PRISM supports development of risk
analysis modelling, simulation, sensitivity analysis, and graphical
presentation of results. It also contains system functions to save,
retrieve, display, and modify existing models. In addition to simple
algebraic equations, PRISM permits use of BASIC-like statements to
model more complex applications.

Hardware Requirements.

- IBM PC or compatible.
- 512K fixed drive.

Operating System.

- MS-DOS 2.0 or later.

User Interface.

- On-line HELP facility.

Documentation and Training.

- User manual.
- Training and on-site seminars.
- Consulting services available to assist in model development.

Developer/Vendor. Palisade Corporation, Newfield, NY;
(607) 277-8000.

Remarks.

RA/SYS (Risk Analysis System)

Methodology. Quantitative. RA/SYS is an automated risk analysis
system which uses a series of interconnected files to assess up to
50 vulnerabilities and assets and 65 threats.
Calculations are performed on threat/vulnerability pairs to produce
threat ratings and threat frequencies. A report summarizes loss
estimates, cost benefit analysis, and return on investment.

Hardware Requirements.

- IBM PC or compatible.
- 128K of memory.
- Two 360K diskette drives or 640K fixed drive.

Operating System.

- MS-DOS Version 2.0 or later.

User Interface.

- Menu-driven.
- On-line HELP facility.

Documentation and Training.

- User manual.
- Technical assistance available upon request.

Developer/Vendor. Small Business Administration, (202) 205-7173
(government); Nander Brown & Co., Reston, VA (703) 689-4580
(non-government).

Remarks. Government agencies may obtain copies of this software at no
cost.

RANK-IT

Methodology. Quantitative. RANK-IT is a risk assessment software
package that uses the Delphi technique. Delphi is an expert system
approach to risk ranking. This software automates the Delphi
technique by adding Comparison Risk Ranking to obtain an ordinally
ranked list of the items being ranked or to calculate percentage risk
values. Each ranked item has a numerical value that can be used as a
weighting factor or a cardinal number value.
RANK-IT is used to risk rank system threats, controls,
vulnerabilities, components, or any other criteria. It also can be used to
rank other types of business decision alternatives, whether
quantifiable or not.
The developer suggests that the time required to conduct a risk
ranking using this combined Delphi and Comparison Risk Ranking
methodology can range from 30 minutes to three hours.

Hardware Requirements.

- IBM PC/XT/AT or compatibles or IBM Personal System/2.
- 512K memory.
- Single diskette drive or fixed disk (300K memory required).
- Graphics capability for full page displays of the results.

Operating System.

- MS-DOS Version 2.0 or later.

User Interface.

- Menu-driven.

Documentation and Training.

- Demonstration diskette.
- User manual.
- Tutorial and training diskette.
- One-day on-site training upon request.

Developer/Vendor. Jerry Fitzgerald & Associates, Redwood City, CA;
(415) 591-5676.

Remarks. The vendor recommends this package for a large number of
items that must be risk ranked or to gain concurrence of a group of
people.

RiskCALC

Methodology. Quantitative. An annual loss expectancy (ALE) or other
metric is computed based on an answered questionnaire. The user may
optionally change the values of RiskCALC variables to determine the
most cost-effective safeguards and display the results on the user's
screen. RiskCALC is part of a `family' of software tools described
below. They each provide a standard ASCII file interface for
exporting and importing RiskCALC variables.

o RiskCALC allows the user to answer questions and print
reports into which values elicited from the questionnaire
are automatically inserted.

o Risk Minimizer identifies an organization's most significant
risks from a completed analysis. Risk Minimizer may be used
with other risk management software tools that use the
RiskCalc file format.

o System Manager assists in designing or customizing an
existing risk analysis model.

o Demonstration Models allow the user to develop a site-
specific questionnaire or select one that models several
risk scenarios.

Hardware requirements.

- IBM PC or compatible.
- 512K memory.
- Fixed drive is optional but recommended.

Operating system.

- MS-DOS Version 2.1 or later.

User Interface.

- Menu driven.
- On-line help facility.
- Lotus-like interface.

Documentation and Training.

- User and system administrator manuals.
- One day on-site training with purchase.
- A three-day course on computer security and risk management is
available upon request.

Developer/Vendor. Hoffman Business Associates, Inc., Bethesda, MD;
(301) 656-6205.

Remarks.

RISKPAC

Methodology. Qualitative/Quantitative. RiskPAC is a knowledge-based
system that uses a questionnaire metaphor to interact with the user
and measure risk in government-related and other topics. The user's
answers to a questionnaire are stored in separate files called
surveys. Different surveys are compared to determine the results of
corrective measures, or to perform "what-if" analyses. Questions in a
questionnaire are grouped into categories, similar to a book divided
into chapters. Each category is scored separately, providing a
detailed and logical analysis of a subject. RiskPAC's reports feature
the level of risk for each category. Based on the score for each
category, RiskPAC provides recommendations for corrective actions (a
database of corrective actions is included in each questionnaire).
RiskPAC also includes a quantitative analysis module, the A.L.E.
Calculator, which performs annualized loss exposure (A.L.E.) analysis.
A.L.E. work-sheets can be created. Lists of asset and threat
descriptions stored in separate files can be loaded into worksheets,
reducing data entry and supporting "what-if" analysis. Pop-up lists
on the worksheet include data assets, threats to assets, dollar
impact, and frequency of events. A.L.E. values are calculated as the
user works.
The RiskPAC System Manager program (available separately) is used
to create or modify questionnaires. RiskPAC System Manager allows the
user to enter a set of questions, responses, and corrective actions,
and turn them into an expert system for risk assessment.

Hardware Requirements.

- IBM PC/XT, AT, PS/2 or 100% compatible computer.
- 640K of RAM, hard disk drive.

Operating system.

- MS-DOS or PC-DOS 3.1 or higher.

User Interface.

- Menu-driven.

Documentation and Training.

- User's guide.
- Introductory guide to risk analysis.
- Training provided upon request.

Developer/Vendor. Computer Security Consultants, Inc., a CPA Group
Company, 590 Danbury Rd., Ridgefield, CT 06877; (203) 431-8720.

Remarks. French and Finnish versions of RiskPAC also available. CSCI
products also available from Contingency Planning Associates UK Ltd.,
Wokingham, England, Tele. 0734-780555; and from Contingency Planning
Associates BV, Weesp, Netherlands, Tele. 2940-18865.

RISKWATCH

Methodology. Qualitative/Quantitative. RISKWATCH is a security
management tool consisting of seven modules. Module 1 is a risk
analysis tool which conducts a formal risk analysis of ADP Centers,
applications, networks, or remote areas; Module 2 supports on-going
risk management planning; Module 3 develops a security plan; Module 4
develops contingency plans and Module 5 conducts a Security Test and
Evaluation (ST&E) of selected safeguards. Module 6 is a graphics
program and Module 7 is an Expert System Development Tool. RISKWATCH
includes a questionnaire development tool which allows questions to be
added or modified. The modules can be purchased separately.
RISKWATCH has a built-in expert knowledge base to aid in-house
security expertise. It has report capabilities, including a text
finder, and a graphics program to translate risk analysis results into
bar graphs or pie charts. No other software is required. RISKWATCH
is designed to meet all Federal agency requirements for Risk Analysis,
including OMB A-130. It automatically determines the implementation
of safeguards, with a Return on Investment ratio for each safeguard.
RISKWATCH can create questionnaire diskettes for distribution, or
information can be gathered electronically through a network
configuration. A vulnerability assessment is automatically created for each
remote site. Audit trails are maintained throughout the program.
New releases are available once a year.

Hardware requirements.

- IBM-XT/AT or compatible.
- 640K memory.
- 10M fixed drive.
- Graphics card.

Operating system.

- MS-DOS Version 2.1 or higher.

User Interface.

- Menu-driven with over 400 on-line help files.
- 24-hour telephone support line.
- User's group/quarterly newsletter.

Documentation and Training.

- User manual.
- Training provided upon request.

Developer/Vendor. Expert Systems Software, Inc.,
Long Beach, CA; (213) 494-2573; Washington, D.C. (301) 261-0707

Remarks. The software can be customized by the user to meet the
specific requirements of their organization. RISKWATCH has an
international and domestic network of licensees. RISKWATCH currently has a
large installed base of federal agencies, both civilian and military;
state governments; and private businesses.

SOS (Security On-line System)

Methodology. Qualitative/Quantitative. SOS is a tool designed for
risk and security management of a system. The user begins by defining
the system identification in the database dictionary. Using this
database, a quick risk assessment is done to determine dollar exposure
of loss or unauthorized modification of system data. The user can
then use a pre-defined or user-designed questionnaire for self-
assessment, data security review or system audit. With this
information, the user then develops a database of threats, vulnerabilities
and safeguards that can be used in writing a contingency plan.
SOS's approach allows for mapping where application data resides
and the level of risk for PCs, applications, LANs, data
communications, data base systems, data centers, operating systems,
security products, systems under development and hardware.

Hardware requirements.

- IBM PC or compatible.
- 640K memory.
- 10M fixed drive and one 360K diskette drive.

Operating System.

- MS-DOS Version 2.0 or later.

User Interface.

- On-line HELP facility.
- User report writer.
- Menu-driven.

Documentation and Training.

- User manual.
- Training in the methodologies and the system is available.

Developer/Vendor. Entellus Technology Group, Inc., Longwood, FL; (407)
774-8397.

Remarks.
- User can add own definitions and guidelines.
- Up to 999,999 guidelines can be maintained by the system.
- Any number of reviews can be conducted and tracked.
