Archive: News - May 2024

itrust consulting published CS-GRAM open source tools

itrust consulting published a set of tools for risk assessment and management, audit reporting, key performance indicator monitoring, and policy and procedure management specific to cloud services to implement and assess the security requirements and risks for cloud infrastructures and services on GitHub and all publication are also added to the list of publications.

CS-GRAM, short for “Cloud Services-Governance, Risk management, Audit, and Monitoring”, a toolset providing cloud security governance features such as policies, risk assessment models, audit templates, and KPI, is a sub-project of the CyFORT project, which in turn stands for "Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience".

Open source tools available:

ARIANA (on GitHub), short for “Assistance for Reporting on Information system Audits with Normative Assessment”, is designed as an add-on to Microsoft Word and Excel applications and provides a simple and reliable process for creating policies, creating or updating audit reports, managing Excel and Word-based records of processing activities compliant with GDPR, and providing additional Word and Excel utilities useful to consultants in their day-to-day work, published on itrust consulting website.

OpenARIANA (on GitHub), has been developed to address the repetitive task of creating policies, particularly Information Security Management System (ISMS) policies, published on itrust consulting website.

DRAW (on GitHub), is used to graphically represent assets and their corresponding dependencies as well as to synchronize with TRICK Service, published on itrust consulting website.

Trick2MonarcApi (on GitHub), a Java API for MONARC, which allows risk information from other sophisticated risk management tools such as TRICK Service to be imported by facilitating changes to the MONARC JSON data file, published on itrust consulting website.

Link to itrust Abstractions Lab