Optimize Mitigation
The Challenge
The cost of mitigation is often up to ten times that of control testing, because remediation means implementing patches, updates, configuration changes and other modifications to critical IT infrastructure. In some production environments the risk of mitigating a finding can exceed the risk of leaving it in place. Prioritizing mitigation is difficult at best when requests arrive from different compliance and internal audit teams, each using different information about the same IT asset. IT Operations often struggles to set priorities without the context needed to understand the risk implications of each change request.
The Solution
Agiliance IT-GRC automates the management of mitigation with a closed-loop process: every change request is tracked until it is either completed or carries a documented reason for delay, so auditors can see that the organization has not dropped the ball in addressing the results of controls testing.

Prioritized risk scoring lets security and risk managers focus on the highest-risk assets first. Agiliance IT-GRC 3.0 identifies gaps and suggests steps that can be taken to mitigate them. A built-in ticketing process creates events for the mitigation of gaps and tracks the actions to closure. Once a ticket is closed, the asset's risk posture is recalculated and the corresponding report or dashboard item is automatically reset.

Key Features and Benefits of Prioritized Mitigation
- Provides management with an overall risk posture summary, graphically represented in an organization-wide "Heat Map"
- Prioritizes mitigation based on business risk
- Tests high-risk assets first
- Mitigates the highest-risk control failures first
- Uses a native ticketing engine or connects to ticketing systems such as Remedy, with bi-directional communication and status updates for closed-loop process management
- Consolidates findings from multiple vulnerability scanner sources and products into a single prioritized view
- Baselines using CVSS v2.0 severity scoring and scanner-produced configuration checks (CIS, PCI)
- Accepts custom and imported events from SIM/SEM products (ArcSight, Novell Sentinel)
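The scoring and prioritization described above can be illustrated with a small worked example. The code below is an added example and is not Agiliance code or a description of how IT-GRC is implemented: it computes CVSS v2.0 base scores from the published base-metric formula, scales them by a constructed asset-criticality tier (1 to 5) to obtain a business-risk rank, merges duplicate findings reported by several scanners into one view per asset and check, and flags closed-loop tickets that are past due without a documented delay reason. Asset names, check IDs, scanner names and ticket data are constructed placeholders.

```python
"""CVSS v2.0 base scoring, business-risk prioritization and closed-loop ticket checks.

Added example, not Agiliance code. Asset tiers, check IDs and tickets are constructed.
"""
from dataclasses import dataclass
from datetime import date
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2.0 base-metric weights as published in the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}      # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}       # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}      # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}     # Confidentiality / Integrity / Availability impact


def _round1(x: float) -> float:
    """CVSS v2 rounds to one decimal, half up; Decimal avoids float banker's rounding."""
    return float(Decimal(str(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def cvss2_base_score(vector: str) -> float:
    """Base score for a vector such as 'AV:N/AC:L/Au:N/C:C/I:C/A:C' (CVSS v2 equations)."""
    m = dict(part.split(":") for part in vector.split("/"))
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    f_impact = 0.0 if impact == 0 else 1.176
    return _round1((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)


@dataclass(frozen=True)
class Finding:
    asset: str      # asset identifier as reported by the scanner
    check_id: str   # vulnerability or CIS/PCI configuration check (constructed IDs below)
    source: str     # which scanner reported it
    vector: str     # CVSS v2 base vector


def business_risk(score: float, criticality: int) -> float:
    """Scale the technical score by a 1..5 business-criticality tier (constructed scale),
    so the same finding ranks higher on a payment database than on a lab wiki."""
    return _round1(score * criticality / 5)


def prioritize(findings, criticality_by_asset):
    """Merge findings from several scanners into one entry per (asset, check) and order
    them highest business risk first; ties broken by raw CVSS score, then asset name."""
    merged = {}
    for f in findings:
        entry = merged.setdefault((f.asset, f.check_id),
                                  {"asset": f.asset, "check_id": f.check_id,
                                   "vector": f.vector, "sources": set()})
        entry["sources"].add(f.source)
    ranked = []
    for e in merged.values():
        score = cvss2_base_score(e["vector"])
        ranked.append({**e, "sources": sorted(e["sources"]), "cvss": score,
                       "risk": business_risk(score, criticality_by_asset[e["asset"]])})
    ranked.sort(key=lambda r: (-r["risk"], -r["cvss"], r["asset"]))
    return ranked


@dataclass
class Ticket:
    ticket_id: str
    status: str            # "open" or "closed"
    due: date
    delay_reason: str = "" # required for any ticket still open past its due date


def needs_attention(tickets, today):
    """Closed-loop check: open tickets past due with no documented reason for delay."""
    return [t.ticket_id for t in tickets
            if t.status == "open" and t.due < today and not t.delay_reason]


# Constructed sample data: two scanners, one duplicate finding, one critical asset.
CRITICALITY = {"pay-db-01": 5, "dev-wiki": 1}
FINDINGS = [
    Finding("pay-db-01", "check-a", "scanner-1", "AV:N/AC:M/Au:N/C:P/I:P/A:P"),
    Finding("pay-db-01", "check-a", "scanner-2", "AV:N/AC:M/Au:N/C:P/I:P/A:P"),
    Finding("dev-wiki", "check-b", "scanner-1", "AV:N/AC:L/Au:N/C:C/I:C/A:C"),
    Finding("pay-db-01", "check-c", "scanner-2", "AV:L/AC:H/Au:M/C:P/I:N/A:N"),
]
TICKETS = [
    Ticket("T-1", "open", date(2010, 1, 10)),
    Ticket("T-2", "open", date(2010, 1, 10), "change window denied until quarter end"),
    Ticket("T-3", "closed", date(2010, 1, 5)),
]

if __name__ == "__main__":
    for r in prioritize(FINDINGS, CRITICALITY):
        print(f"{r['risk']:4.1f}  cvss={r['cvss']:4.1f}  {r['asset']}/{r['check_id']}  {r['sources']}")
    print("overdue without reason:", needs_attention(TICKETS, date(2010, 1, 15)))
```

Note that the CVSS 10.0 finding on the low-criticality wiki ranks below the 6.8 finding on the payment database once business criticality is applied, which is the effect the "prioritize by business risk" feature is describing; the merged `sources` field is what a single cross-scanner view needs so the same gap is not ticketed twice.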
