This is Esteban, founder of www.eramba.org, an open-source information security governance tool. If you run, or are planning to build, an information security program at your organisation, I'm pretty sure this project will be of interest to you.
I'm happy to say that we have certainly achieved our 2014 goal! eramba is probably the most serious and complete open-source security governance tool available on the internet.
After a quite successful first year (hundreds of downloads, three world-wide conferences and tons of feedback) we secured enough donations to plan a fully re-coded version 2, hire professional developers and UX specialists and respond to the demands of eramba’s users:
- make it look and feel enterprise (stable, secure, clean, documented, supported)
- make risk, audit, compliance, awareness and operations dashboards: beautiful & useful.
- include a role-based, video + exam security awareness module to comply with ISO 27k, PCI, etc.
- make sure all works and is tested in a global corporation
- make sure enterprise support, customisation and training services (paid) are available
With eramba v2 you can:
- Follow a structured, simple and fully ISO/IEC 27001 compliant approach towards Risk Management
- Define all your regulators (ISO, PCI, Customers, etc.), map Security Controls and effectively manage your Compliance
- Define custom made compliance packages and use them for auditing your Third Parties or Internal Audits
- Define role-based security awareness with custom videos and exams to ensure your entire organisation receives appropriate trainings and successfully deploy a Security Awareness solution.
- Define Business Continuity Plans and ensure strict awareness and testing is delivered to the plan members.
- If you are building an ISO program, define a Statement Of Capabilities (SOA)
- Manage Exceptions (Risk, Compliance, Policy) and their notifications.
- Manage your team Projects and Budgets
- and much more! (ha, I never thought I would say such a cliché!)
At www.eramba.org you can find screenshots, short introductory videos, documentation and an online demo. Of course you can download the code and try it yourself. We believe the project is reasonably well documented; if you need year-round support, training, customisation or consulting services, contact us (firstname.lastname@example.org) for paid services. Remember, these services provide 90% of the funds the project needs to stay around!
If you work for an IT or Security consulting company and you are genuinely interested in this project in any way, drop us a line. We are building the network of companies that will provide enterprise support to eramba customers.
Thank you for your time and I hope to hear from you soon.
Wishing you a great week
P.S. This email went to my contacts, mostly IT and Security professionals.