basics COBRA CONSULTANT PRODUCTS AN EASY TO USE GUIDE AND

Document Sample
basics COBRA CONSULTANT PRODUCTS AN EASY TO USE GUIDE AND Powered By Docstoc
					COBRA

CONSULTANT PRODUCTS




  AN EASY TO USE GUIDE


   AND EVALUATION AID
INSTALLING COBRA

When you have downloaded the COBRA file from our web site, you will first need to execute the
installation routine. This is achieved by simply executing the COBSETUP.EXE file (by double
clicking on it via Windows Explorer, or other means).

This program takes you through the setup process and installs the COBRA system. By default,
COBRA will be installed into a folder called: c:\cobra3 However, the opportunity is presented to
choose another name and/or location if required.


COBRA consists of 2 components: the base COBRA system and the individual knowledge bases.
With the latest release of COBRA, the knowledge bases are installed automatically.


THE KNOWLEDGE BASES

The evaluation version includes the following knowledge bases:

       RISK ANALYSIS

       IT-Secty:      the IT Security Risk Knowledge Base

       Op-Risk:       the Operational Risk Knowledge Base.

       QwikRisk:      the QuickRisk or High Level Knowledge Base

       E-Struct:      the E-Structure or Network Knowledge Base


       ISO 17799 COMPLIANCE

       ISO17799:      the ISO 17799 Knowledge Base




STARTING THE SYSTEM

To start COBRA, simply click on the COBRA icon or select it from the Programs list from the
Windows Start Menu.

You will be presented with the two prime COBRA options: Risk Consultant and ISO Compliance
Analyst. From these simply select which sub-product you wish to evaluate.
EVALUATING COBRA RISK CONSULTANT - GETTING STARTED

When Risk Consultant has been successfully installed the Primary Option Menu is presented. It is
from here that all the main functions of Risk Consultant are selected.


Building The Questionnaire

To complete a questionnaire it must first be 'generated' or 'Created'. This is achieved via the
Questionnaire Builder option. Through the 'Manual Build' selection, click on 'Create Qaire' and
choose one or more modules from the list presented (see the User Manual for module details).

If a full business system is to be assessed via the IT Security Knowledge Base, the BUSINESS
question module should be selected individually (for the High Level Risk Assessment knowledge
base this is the BIA module, and for the Operational Risk knowledge base the module name is
IMPACT). These knowledge bases are shipped with a BIA questionnaire created ready for use.


Survey Completion

On return to the Primary Option Menu, the questionnaire will be generated. To complete the
module(s) within it, select the Risk Surveyor option.

As one questionnaire can be used to address more than one system, a unique survey must be
created when completion first commences (via a click on the 'Create' button). Then simply select
the questionnaire name created above, enter appropriate introductory text, and proceed to answer
the question module(s) presented. The questions can be answered (the survey undertaken) during
one or more sessions.

If the BUSINESS module is chosen (for a full business linked assessment) this can be used to
generate a detailed questionnaire appropriate to the system under review. Upon completion, simply
return to the Questionnaire Builder option and select 'Automatic Build'. Enter a new questionnaire
name (for the detailed questionnaire) and proceed again to Risk Surveyor to answer the questions
within it.


Report Generation

To generate reports for a completed survey, select the Report Generator option from the Primary
Option Menu. A range of reports and formats are available – simply select the sections and options
required. When the report preview window is displayed, the report has the exactly the same format
as when it is printed or exported to a file. Print and Export is disabled in the evaluation version of
COBRA.


Utilities

Various changes can be made to the system via the 'utilities' option. For example, the currency can
be changed to the $, window colours can be changed, etc.


            FOR A CHECKLIST OF STEPS FOR A FULL ASSESSMENT SEE FINAL PAGE
EVALUATING COBRA ISO 17799 CONSULTANT - GETTING STARTED


When ISO 17799 Consultant has been successfully installed and started, the Primary Option
Menu is presented. It is from here that all the main functions of the system are selected.


Survey Completion

To begin the exercise, Compliance Surveyor should be selected. A menu will now appear
containing various options. As the product can address multiple systems, a unique survey must be
created for this particular review. This is achieved via a click on the Create button.

ISO 17799 Consultant will now present a field for completion. It will request a unique name for the
survey about to be undertaken (ie: for this review) and a brief description of this. Press the 'OK'
button when complete. Following this, some freeform text may be entered to set the scene for the
review.

The system will now present a menu of QUESTION MODULES to be completed. These should be
selected and answered as required. Note that each module covers one of the ten categories
covered by the ISO 17799 standard.

On initial selection of a module, ISO 17799 Consultant will first check whether or not a set of
'standard' responses for that module are to be copied from another previously completed survey
(eg: for another application/system). It will then require the name and job title of the person who is
to answer the questions.

When the questions in a module have all been answered, the menu of question modules will be re-
displayed. Those completed will be marked with a tick. Any that have been started but are
incomplete will be indicated by an 'I' (for 'Incomplete').

Note also that question responses can be changed (by pressing the 'Update' button), the survey
can be deleted (by pressing 'Delete') and hypothetical scenarios can be tested (by pressing 'What
If').


Report Generation

To generate reports for a completed survey, select the Report Generator option from the Primary
Option Menu. A range of reports and formats are available - simply select the sections and options
required. When the report preview window is displayed, the report has the exactly the same format
as when it is printed or exported to a file. Print and Export is disabled in the evaluation version of
COBRA.
EVALUATING MODULE MANAGER - GETTING STARTED


COBRA Module Manager is used to customise and change the supplied knowledge base. All the
contents of the knowledge base can be tailored, or indeed, totally new knowledge bases can be
developed.

Module Manager is a menu based system, designed specifically for ease of use and to facilitate
quick and accurate knowledge base maintenance. Full help facilities are included to ease you
through the use of the component.


Installing Module Manager

Simply execute the following command from the ‘Run’ dialogue box or via Windows Explorer, and
follow the instructions presented:

       d:\mm-setup.exe

The required password will be notified on request.


Using Module Manager

In common with all the COBRA products, Module Manager is very intuitive and is extremely
straightforward to use.

The different elements of a knowledge base (eg: Question Modules, Profiles, Countermeasures,
etc) can be accessed via the selection of the Knowledge Base Management option of the
primary menu.

Entire Knowledge Bases themselves are handled via the Variant Management option.



For detailed guidance upon knowledge base customization, please request the Module
Manager manual from your COBRA distributor.
RISK CONSULTANT - EXAMPLE ROUTE FOR A FULL ASSESSMENT


1) GENERATE THE BUSINESS QUESTIONNAIRE
     Select Questionnaire Builder from the Primary Option Menu.
     Select Manual Questionnaire Build from the pop-up menu presented.
     Click on 'Create Q'aire'
     Enter a unique business questionnaire name.
     Select the BUSINESS module from the list displayed and click on 'Add'.
     Return to the Primary Option Menu by clicking on 'Exit' as required


2) COMPLETE THE BUSINESS SURVEY
     Select Risk Surveyor from the Primary Option Menu.
     Click on the 'Create' button on the window presented.
     Click on the business questionnaire name entered in step (1) from the list displayed and
      click on 'OK'
     Enter a unique business survey name and description when requested and click on ‘OK’.
     Click on 'Open Module' on the window presented.
     Answer the survey questions as appropriate (over one or more sessions).
     Upon completion return to the Primary Option Menu (click on 'Exit').


3) GENERATE THE FULL QUESTIONNAIRE FROM THE BUSINESS SURVEY
     Select Questionnaire Builder from the Primary Option Menu.
     Select Automatic Questionnaire Build from the menu presented.
     Select the survey name entered in step (2) from the list displayed, click on it and then click
      on 'OK'.
     Enter a unique full questionnaire name for this assessment when prompted.
     Return to the Primary Option Menu (click on 'Exit').


4) COMPLETE THE FULL SURVEY
     Select Risk Surveyor from the Primary Option Menu.
     Click on the 'Create' button on the window presented.
     Enter a unique full survey name and description when requested and click on 'OK'.
     Click on the full questionnaire name entered in step (3) from the list displayed and click on
      'OK'. Enter a survey description when requested.
     The system will now offer the modules within the questionnaire for completion. Complete as
      appropriate (over one or more sessions) by opening each in turn and answering the
      questions presented.
     Upon completion return to the Primary Option Menu (click on 'Exit').


5) PRODUCE THE REPORTS
     Select Report Generator from the Primary Option Menu.
     Click on the survey name created in step (4) above, then click on 'OK'
     Select the required reports and options from the lists displayed.
     Press “View Report” to preview the report – it can be printed or exported to a file from here
      (except in the evaluation version where Print and Export to file are disabled).

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:9
posted:2/9/2012
language:
pages:6