Download Mehari 2007

Mehari 2007 knowledge bases are free.

• Guide lines for the business stakes analysis of the company or entity and classification of its assets,
• Added cartographic decomposition capabilities for the whole organization, or suitable parts of it, allowing a better focus on the most sensible assets,
• An enriched vulnerability audit base:
  • including office environment and compliance controls,
  • proposing formulas easy to integrate within spreadsheets and software tools,
  • providing quality and compliance indicators (ex. ISO 17799:2005).
• Two ways (global and analytical) to analyze a comprehensive set of risk scenarios,
• Mechanisms allowing to prepare and prioritize action plans (strategic or operational),
• Directions for selection of security management policies and processes,
• A modular documentation set (guides, manuals), in English, French, German or Italian.

It is easy to access Mehari documentation from CLUSIF website, as suited to your objective:

Title	Pages	Format	Reader	Purpose
Flier	4		All publics	What? Why? How? Benefits?
Overview	13		CIO, CISO, RM, audit, managers	Mehari, risk management method: options and steps, ISMS and beyond
Concepts and mechanisms	49		CISO, CIO, RM, audit, managers	Understand the mechanics of the risk management method from business assets analysis to security plans establishment
Security stakes analysis and classification	23		Managers, RM,Audit, CISO, CIO	Analyze the stakes and consequences of malfunctions for the organization, identify and prioritize the primary and supportive assets
Evaluation Guide for security services	17		CISO, audit, CIO	Organize information security audit to reduce risks using questionnaires and standard security risks incidents
Risk analysis guide	25		managers, RM, CIO, CISO, audit	Information security risk assessment steps from the business processes and assets to risk reduction solutions

• A PowerPoint presentation of Mehari is also available in French
• Mehari knowledge bases themselves are completed with two reference manuals for use by CISO and security auditors:

Title	Pages	Format	Readers	Purpose
Manuel de référence des services de sécurité	214		CISO, audit	Guide for the vulnerability audit providing, for each of the security services, its purpose, expected results, description, etc. (Translation under study)
Manuel de référence des scénarios	228		CISO, audit	Details 171 threat situations, providing a quick analysis scheme and correspondence tables to security services allowing to reduce the risk (Translation under study)
Vulnerability audit knowledge base	124		CISO, audit	Audit questionnaire of security services, tables for risk evaluation, automated functions including ISO 17799 scoring, etc