1. What platform was used to develop Modulo Risk Manager?
Modulo Risk Manager was developed using C++ and uses a SQL Server database.
2. How can I use the complete knowledge base descriptions?
Check the knowledge base of your choice.
3. How will Modulo Risk Manager support Risk Management in my organization?
Modulo Risk Manager supports risk management by creating risk indices which can be monitored through analysis cycles. It allows security actions to be made tangible by means of comparisons across indexes. Modulo Risk Manager is a system for assessing risks posed to the assets of any given organization. It identifies and assigns to every business risk a value that will be used as an index when defining criteria for risk assessment.
4. Can I follow up on the evolution of risk to assets? What about to asset components?
Yes. When an asset is selected in the Organization module, there are windows containing information on the evolution of risks. The same action can be performed in the Assets Components module.
5. How does Modulo Risk Manager estimate the risk of a given control?
The risk of a control is calculated using three variables: Probability, Severity and Relevance (PSR), which are rated within the Organization (R) and Analysis (P and S) modules.
6. What is the "knowledge base version"?
It is the last update generated of any given knowledge base.
7. How are new security knowledge bases generated?
The task of maintaining the knowledge bases used by Modulo Risk Manager is complex and requires specialized knowledge in different areas. In addition to a high level of technical expertise, knowledge base maintenance also requires solid understanding of security and methodology concepts (assets, vulnerabilities, threats, probability, risk, impact and other concepts described in ISO/IEC 13335 Part I). The Modulo Lab is always researching new security technologies and developing new knowledge bases for Modulo Risk Manager, as well updating the existing knowledge bases by releasing new versions. In addition the knowledge bases approved by the Modulo Lab may also be generated by independent specialists hired for this purpose, or even by the manufacturers of the technology involved.
8. How often are knowledge bases updated?
The knowledge bases are updated as often as necessary. Normally it is necessary to update knowledge bases when there is a new version or significant change in the software program (knowledge bases for applications or operating systems) or when the author receives relevant information worth including in the form of a new control.
9. What are credits?
A credit is a measure for quantification of knowledge bases. Each time a knowledge base is used by the system a certain amount of credits is consumed. Modulo Risk Manager is fueled by credits for performing analyses in different components.
10. What makes a 5-credit knowledge base different from a 50-credit one?
The are three different knowledge base credit ranges:
5-credit knowledge bases are individual knowledge bases used throughout the company - e.g.: users, stations etc.
50-credit knowledge bases are those bearing some complexity and which are used rather frequently by the company or on a shared basis.
500-credit knowledge bases are highly complex, rarely used in companies or accessed in a global manner.
11. Can I answer the questionnaires remotely when I'm not logged on to the Modulo Risk Manager server?
Yes. Each questionnaire can be exported separately to the Modulo Risk Manager offline module.
12. Does the Modulo Risk Manager offline module display control details?
Yes. The Modulo Risk Manager offline module works similarly to the online questionnaire.
13. What are the prerequisites for using the Modulo Risk Manager offline module?
The operator must be a user of the system, and in possession of a questionnaire which has been exported to him/her. (access control is implemented).
14. Are there automatic ways to find evidence for controls?
Yes. Modulo has developed the evidence collector concept. This function is initially made available together with the knowledge bases for Microsoft environments. The collectors seek evidence which can help answer whether the controls have been implemented or not.