Secure Tool for Risk Management


STORM™ is an innovative, collaborative, cost-effective and user-friendly security consultancy environment based on widely used collaborative Web 2.0 technologies. Different types of organisations can use it to collaboratively manage their information security. STORM can easily be parameterised to address the needs of different types of Information and Communication Technology (ICT) systems (i.e. critical infrastructures, SMEs).

The STORM™ environment offers ICT users a bundle of targeted services that guide them in securely managing their ICT systems according to the PDCA model (i.e. Plan: establish the ISMS, Do: implement and operate the ISMS, Check: monitor and review the ISMS, Act: maintain and improve the ISMS) of the ISO 27001 security standard for the design, implementation, monitoring and improvement of an Information Security Management System (ISMS).

[Figure: STORM Services]

The vision of the STORM environment and its services is to help organisations become security aware, follow good security practices and manage their ICT security in a way that is cost-effective (in terms of budget, resources, effort and time), user-friendly, efficient and suited to their specific needs. In this context, STORM aims to help organisations develop a security culture and security consciousness within their enterprises. In particular, STORM contributes to the:

  • effective identification of critical services, assets and their interconnection,
  • flexible evaluation of effects caused by the security breach (i.e. loss of availability, loss of confidentiality, loss of integrity) of any asset of the ICT infrastructure,
  • accurate vulnerability assessment of the complex ICT systems and infrastructures,
  • identification and assessment of all the possible threats that the ICT assets face daily,
  • definition of acceptable risk and criticality of the individual components of an infrastructure with objective criteria,
  • identification and selection of the appropriate countermeasures in order to mitigate the risks and ensure the service continuity,
  • enhancement of the ICT security and privacy intelligence and awareness,
  • improvement of trust in customer relationships.
STORM Version 3.0: STORM has been updated in order to offer GDPR compliance services.
STORM Version 2.0: The new version of STORM complies with the ISO 27001:2013 requirements.
ISO 27001:2013: New version of the ISO 27001 standard published in October 2013.