SOMAP.org

Security Officers Management & Analysis Project

SOBF - Information Security Governance, Risk and Compliance Tool

The Security Officers Best Friend (SOBF) Tool is an Information Security Governance, Risk and Compliance tool which can be used for Gap Analysis, Risk Analysis and as a general IT Security Management tool. The SOBF Tool is the reference implementation of the SOMAP.org Guide and follows the risk analysis workflow as described in the Guide.

Different Versions
Java Client

The Java Client is the right choice for small businesses and security officers in an enterprise environment. Please see the web site about the Java Client for further details.

Web Client

The Web Client is an enterprise-ready application which can be installed on a Tomcat server and which can be used by custodians to manage their assets' information. Please see the web site about the Web Client for further details.

Characteristics
  • Uses the Repository as a metadata framework.
  • Builds on the concept of Compliance Aggregation.
  • Runs as a Java Application or as a Web Client.

It is our goal to build the SOBF tool as an extensible toolset. While all the needed functionality is built into the SOBF tool, it is possible to extend and personalise that standard feature set with your own scripts and extensions.


Data Abstraction / Personalisation

To abstract the database and to access the data more easily, the SOBF tool makes use of the Cayenne Framework. The configuration information is published with the SOBF Tool, and it is therefore possible to enhance the default configuration with your own data views and tables. Such personalised data views and tables can be used from within your own extensions to enhance the standard feature set of the SOBF tool.

The SOBF tool makes heavy use of the structures and references from the Repository and features a layer with personalised data on top of the theoretical layer provided by the Repository. The SOBF tool links theoretical information with a concrete inventory to help the security officer in analysing and managing his or her assets.

With the data and calculations from the SOBF Tool a security officer can generate reports about situations, gaps, protection profiles and the state of an environment.

Since the SOBF tool uses the Cayenne Framework to abstract the database layer, it is no problem to exchange the Derby Database System with any other database system like PostgreSQL or DB2 in future releases. It is also possible for a security officer to switch from the internal database to a database server of his or her choice. This is an important feature, because the SOBF tool should help a security officer with his work and not stand in his way. For this reason the SOBF tool should be as easy to integrate into an environment as possible.

Synchronisation

We are working on a synchronisation function for road warriors so that different users can work asynchronously on the same data and resynchronise their different states when coming back to the office.

Reporting

We use the Jasper Reports engine to render and print reports. Please have a look at the Jasper Reports project website for further details concerning the possibilities and the features.

Reports are defined in XML format, and there are a few report designers, such as iReport, which help you design your reports. Since the reports shipped with the SOBF Tool are defined in XML, you can personalise any predefined report or build your own.

Extensions / Scripting

The SOBF tool has a built-in extension engine. Extensions are small pieces of application logic which together define the whole application. The navbar, for example, is completely built from extensions. Extensions consist of a data file describing the extension and some kind of logic (and possibly data). The logic is typically written in the form of a script.

The SOBF tool makes use of the Bean Shell scripting engine. With the help of that engine you can change and personalise many aspects of the SOBF tool. Please consult the integrated help system for further details.

Status / Downloads

In the "Current Releases" section on the left you can find information about the latest release of the SOBF tool and all our other projects.

If you find an error or bug in the SOBF tool then please make sure that you are testing with the latest version before sending us a bug report.