computer risk analysis and management method (CRAMM)

Computer Risk Analysis and Management Method (CRAMM) is a software package for knowledge-based risk management, introduced as early as 1987, which complies with the British security standard BS 7799 and is certified according to ISO 17799.

CRAMM is based on a tool-supported structure with which business processes can be modeled and vulnerabilities in IT and communication systems can be assessed. In addition, CRAMM can make security suggestions, plan emergency supply measures, generate Information Security Management System( ISMS) and identify objects to be protected. With the result, which can be issued as a report, management can record, assess and eliminate vulnerabilities and risks in IT-supported business processes, software and hardware, networks, personnel, buildings, and more.