RA2 art of risk

Find out more about RA2

Risks caused by the lack of information security can severely damage a business. Knowing the “art of risk” enables a business to protect itself and to minimize any damage.

RA2 art of risk is the new risk assessment tool which replaces the popular RA software tool. This latest tool is more than just a risk assessment tool as it covers a number of security processes that direct businesses towards designing and implementing an information security management system (ISMS).

RA2 art of risk is a risk approach with a difference; it is a management tool designed to help businesses to develop an ISMS in compliance with the ISMS specification BS ISO/IEC 27001:2005, and the code of practice for information security management BS ISO/IEC 27002. This includes:

• defining the scope and business requirements, policy and objectives for the ISMS
• developing an ISMS asset inventory
• carrying out an ISMS risk assessment
• facilitating the risk decision process by consideration of the appropriate risk treatment option
• a process for selecting a system of controls
• a documentation facility for producing, for example, a “statement of applicability” and other ISMS documents.

Key features and benefits include:

• all controls from BS ISO/IEC 27002:2005
• improved usability as the user can switch between the two standards
• over 1500 detailed implementation questions for the new controls from ISO/IEC 27002:2005
• easier to identify the implementation status and/or key implementation issues
• all results can be imported with just one button-click.

RA2 art of risk provides a user friendly, step-by-step process approach. It also includes a comprehensive help assistant facility, and various built-in checklists and questions to ensure that nothing has been forgotten. A fully worked through example has been integrated that can be called up at any time in the risk assessment and treatment process to illustrate how the tool can be used to support the ISMS development and implementation.

RA2 art of risk can be completely customized to meet the requirements of your organization. This includes the assessment of assets, threats and vulnerabilities applicable to your organization, and the possibilities to include, in the assessment, controls additional to the ones in BS ISO/IEC 27002. It also includes a set of editable questions that can be used to assess the compliance with BS ISO/IEC 27002.

For successful risk assessment and management, information needs to be collected from different sources within the organization. RA2 art of risk includes the RA2 information collection device, which can be installed anywhere in your organization as necessary to collect and feed back information into the risk assessment process. Information assessed in the risk assessment can be exported to this information collection device, and the collated information can be automatically imported back into the risk assessment.

When the process of designing and implementing the ISMS has been finalised, RA2 art of risk allows you to create an archive that stores the results of this activity separately. At the same time, these results can be used as the basis for the next assessment in the ongoing risk management activities. It is also possible to import results from the previous RA software tool into RA2 art of risk to use the new tool.

Your organization needs to protect its information against a range of risks. Experience has shown the importance of effective risk management in today's modern business arena. It is important for management to understand what information security risks and impacts the business is likely to be faced with. This helps to facilitate informed decision-making in order to identify and implement an appropriate system of controls and processes to manage these risks. RA2 art of risk can help your organization understand and protect against risks.

BSI order ref: BIP 0022

Price £1,100 + VAT

FREE postage and packing and credit facilities are available to our BSI Subscribing Members! Visit the Membership pages for details of the other benefits that our Members enjoy.