Overview:
Organizations face a myriad of regulations and mandates and increasing IT risk, but rely
upon ad hoc and disjointed compliance processes that raise the cost of compliance
30 to 50 percent above what is necessary.* Lumension Compliance and
IT Risk Management reduces costs by harmonizing multiple compliance
requirements and IT controls while automating the audit and
IT risk management workflows.
Compliance and IT Risk Management
Business Drivers & Challenges
In today’s highly regulated business environment, many organizations are struggling
with the rising cost of compliance and the growing audit burden. In fact, a Financial
Executives International survey of public companies found that total costs for the first
year of SOX Section 404 compliance average $4.36 million per organization.
A multitude of internal and external requirements, including PCI, SOX, HIPAA and
others, are addressed within organizational silos, leading to redundant workflows and
an inefficient allocation of resources. Audit workflows are often performed manually,
with data captured in numerous disjointed spreadsheets. To compensate for the lack of
compliance visibility across the organization, expensive third-party audit resources are
used to validate compliance and control requirements.
And many organizations still don’t know how compliant they really are. A recent survey
found that 43 percent of existing access rights were either excessive or should have
been retired.**
To demonstrate compliance and stay competitive in this business environment,
organizations must be able to centralize, streamline and automate their compliance
and IT risk management workflows.
Assess Once. Simultaneously Comply with a Wide Range of Regulations and Policies.
Lumension Compliance and IT Risk Management enables you to adopt a
comprehensive and continuous audit approach by aggregating and correlating data
from multiple internal and external compliance regulations with best-practice IT
controls — all within one solution, allowing you to:
- Measure and report on multiple regulations and policies simultaneously
- Automate IT risk assessment and remediation through integration with
Lumension or third-party tools (e.g., vulnerability scanners)
- Streamline the audit process by automating survey generation and data
collection
- Prioritize potential risk by correlating IT assets to critical business processes
How Lumension Compliance and IT Risk Management Works
Lumension’s comprehensive Compliance and IT Risk Management Solution first aligns
business interests, such as revenue centers, key business processes and critical information,
together with IT resources, including servers, applications, facilities and personnel.
Lumension then uses the Unified Compliance Framework (UCF) to harmonize
IT controls, IT assets and internal and regulatory requirements into a single
framework, so you can cost-effectively prioritize your compliance and IT risk
management efforts.
Automation across the Compliance and IT Risk Management workflow is enhanced
through integration with Lumension’s award-winning security solutions as well as
other third-party products. Additional efficiencies are gained through a patent-pending
Risk Intelligence Engine (RIE), which correlates assessment information with
compliance requirements and automatically identifies mitigating IT controls to address
any potential regulatory and IT risk exposure.
Lumension delivers operational and strategic visibility across functional areas so
compliance and IT risk priorities are easily identified. Dashboard-style reporting
allows organizations to customize and deliver top-down metrics and generate multiple
compliance reports with just a click.
Lumension Compliance and IT Risk Management Workflow
1. Identify: Identify the criticality of IT assets and their support of key business
processes to define an IT risk profile.
2. Assess: Automatically assess your technical and procedural controls for compliance
with interfaces to Lumension and third-party tools and Web-based surveys.
3. Remediate: Prioritize and address technical and procedural control deficiencies.
4. Manage: Create operational and strategic visibility across compliance, IT risk
and control environments with role-based and dashboard reporting.
With Lumension Compliance and IT Risk Management, organizations will
achieve greater visibility across their IT assets while optimizing their resources to
intelligently address IT risk exposure and achieve effective compliance through
strong security practices.
Reduce Your IT Audit Burden
By automating your compliance and IT risk management workflow, you can
comply with numerous regulations and standards using one solution, ultimately
reducing your cost of demonstrating compliance.
Sources:
*IT Policy Compliance, Managing Spend on IT Security and Audit for Better Results, February 2009
**Forrester, Enterprise Management Associates Survey of IT Governance Risk & Control, 2008