Secure Tool for Risk Management

STORM Services

The STORM environment offers ICT users a bundle of targeted services that guide them in securely managing their ICT systems according to the PDCA model (i.e. Plan: establish the ISMS, Do: implement and operate the ISMS, Check: monitor and review the ISMS, Act: maintain and improve the ISMS) of the ISO 27001 security standard for the design, implementation, monitoring and improvement of an Information Security Management System (ISMS).

The STORM collaborative environment implements all the phases of the STORM-RM methodology and offers them as friendly e-services. Specifically, the collaborative services offered to the STORM users (members of the security team, managers, administrators, end-users) by the STORM environment are:

  • Cartography
    • Services identification
    • Data Identification and Data Mapping
    • Identify and depict the ICT infrastructure
    • ICT assets (software and hardware) identification
  • Impact Assessment Service:
    • Conduct Data Protection Impact Assessment (DPIA)
    • Recognize the impacts (business, economic, technological, legal) of upcoming incidents on the operations of the ICT
  • Threat Assessment Service:
    • Identify threats
    • Evaluate threats
  • Vulnerability Assessment Service:
    • Identify Vulnerabilities
    • Evaluate Vulnerabilities
  • Risk Assessment Service:
    • Collaborative support towards identifying and evaluating the impact, threat and vulnerability of each ICT asset (i.e. software, hardware, data asset).
  • Risk Management Service:
    • Select the appropriate countermeasures according to the STORM-RM algorithm in order to protect ICT assets.
  • Design, update and download as a controlled PDF file the Security Policies (based on the security standard ISO 27001).
  • Design, update and download as a controlled PDF file all the necessary (mandatory or not) Security Procedures of the ICT systems (based on the security standard ISO 27001).
  • Design, update and download as a controlled PDF file the Statement Of Applicability (SOA).
  • Report and manage Information Security Incidents. The STORM users are able to report any security incident with all the necessary information, such as the date of the incident, the asset involved, the impact level of the specific incident, the corrective and preventive actions needed, etc. Additionally, they are able to download the incident report form as a PDF file, as well as the list of all existing security incidents.
  • Report all possible Non-Conformities from internal audits and assign the corrective actions to the corresponding users via the Task Management Service.
  • Prepare the Internal Audit Report and download it as a controlled PDF file.
  • Prepare the Information Security Management Reviews and identify the actions required in order to effectively review the Security Procedures, Policies and Risk Assessment Results. Additionally, all actions agreed at the Management Review Meetings will be assigned to the appropriate personnel in order to monitor their implementation status via the Task Management Service.
  • Forum
    • Find immediate solutions to any everyday security problems
  • STORM Wiki and STORM Surveys
    • Set up security awareness programs in order to ensure that all the organisation’s users are aware of the security policy, procedures and their responsibilities.
STORM Version 3.0: STORM has been updated in order to offer GDPR compliance services
STORM Version 2.0: The new version of STORM complies with the ISO 27001:2013 requirements
ISO 27001:2013: New version of the ISO 27001 standard published in October 2013.