Product > FAQ

FAQ

1. What is the development platform used by Modulo Risk Manager™?
The program was developed using C++ and uses an MS-SQL Server database.

2. How can I use the complete knowledge base descriptions?
Check here the Knowledge Base of your choice.

3. How does Modulo Risk Manager support Risk Management in companies?
Modulo Risk Manager supports Risk Management by creating risk indexes which can be monitored through analysis cycles. It allows security actions to be made tangible by means of comparisons across indexes. Modulo Risk Manager is a system for assessing risks posed to the assets of any given organization. It identifies and assigns to every business risk a value that will be used as an index when defining criteria for risk assessment.

4. Can I follow up on the evolution of risk to the assets? What about to asset components?
Yes. When an asset is selected in the Organization module, there are windows containing information on the evolution of risks. The same action can be performed in the Assets Components module.

5. How does Modulo Risk Manager estimate the risk of a given control?
The risk of a control is calculated using three variables: Probability, Severity and Relevance (PSR®), which are rated within the Organization (R) and Analysis (P and S) modules.

6. What is "knowledge base version"?
It is the last update generated of any given knowledge base.

7. How are new security knowledge bases generated?
The task of maintaining the database used by Modulo Risk Manager is a complex one and requires specialized knowledge in different areas. In addition to a high level of technical expertise, it also requires solid knowledge of security and methodology concepts (assets, vulnerabilities, threats, probability, risk, impact and other concepts described in ISO/IEC 13335 Part I). The Modulo Lab is always researching into new security technologies and developing new knowledge bases for Modulo Risk Manager, as well updating the existing knowledge bases by releasing new versions. Additionally, the knowledge bases approved by the Modulo Lab can also be generated by independent specialists hired for this purpose, or even by the manufacturers of the technology involved.

8. How often are knowledge bases updated?
The knowledge bases are updated as often as necessary. Normally it is necessary to update knowledge bases when there is a new version or significant change in the software program (knowledge bases for applications or operating systems) or when the author receives relevant information worth including in the form of a new control.

9. What are credits?
A credit is a measure for quantification of knowledge bases. Each time a knowledge base is used by the system a certain amount of credits is consumed. Modulo Risk Manager is fueled by credits for performing analyses in different components.

10. What makes a 5-credit knowledge base different from a 50-credit one?
The are three different knowledge base credit ranges:
5 - credit knowledge bases are individual knowledge bases used throughout the company - e.g.: users, stations etc.
50 - credit knowledge bases are those bearing some complexity and which are used rather frequently by the company or on a shared basis.
500 - credit knowledge bases are highly complex, rarely used in companies or operated in a global manner.

11. Can I answer the questionnaires remotely when I´m not logged on to the Modulo Risk Manager server?
Yes. Each questionnaire can be exported separately to the Modulo Risk Manager offline module.

12. Does the Modulo Risk Manager offline module display control details?
Yes. The Modulo Risk Manager offline module works similarly to the online questionnaire

13. What is necessary in order to use the Modulo Risk Manager offline module?
The operator has to be a user of the system, and in possession of a questionnaire which has been exported to him/her. (There is access control).

14. Are there automatic ways to find evidence for controls?
Yes. Modulo has developed the evidence collector concept. This function is initially made available together with the knowledge bases for Microsoft environment. The collectors seek evidence which can help answer whether the controls have been implemented or not.