IT Security Risk
Challenge
IT security risk is the most dynamic of all organizational risks. With new threats growing exponentially, IT security risk includes system access, vendor risk, business continuity, disaster recovery, vulnerability management, change management, physical security and much more. Due to its complexity and broad coverage, IT security risk management requires a balanced top-down and bottom-up approach.
Solution
Agiliance RiskVision enables an integrated top-down and bottom-up approach to IT security risk management. RiskVision's top-down risk management capability is suitable for risks associated with people, processes, projects, and vendors. Risk professionals can build a comprehensive risk catalog and manage the full risk lifecycle. RiskVision supports multiple risk methodologies such as NIST 800-30, AS/NZS 4360, COSO ERM, Shared Assessment, and RMA KRI. RiskVision manages risks through a closed-loop lifecycle of identification, assessment, remediation, and monitoring. RiskVision also tracks responses and exceptions for IT management approval, review and trending.
RiskVision enables bottom-up security risk assessment by leveraging existing IT and security tool investments and IT data repositories. By mapping controls to risk metrics, IT managers can understand and respond to enterprise security risks including asset vulnerabilities, data leakage, unauthorized access, and unethical hacking. Due to the large volume of data to review and the immediacy of response required, IT security risk operations management requires massive scalability with end-to-end closed-loop automation. Audit approaches based on sampling and extrapolation may be sufficient for meeting compliance requirements, but they are insufficient for actively managing security risks and achieving situational awareness.