Lumension Compliance and IT Risk Management
Measure Your Security Posture and Align Risk to Business Assets with a Comprehensive IT-GRC Solution.
Overview:
Lumension® Compliance and IT Risk Management, comprised of Lumension® Risk Manager and Lumension® Enterprise Reporting, enables organizations to effectively measure their security and compliance posture and align IT risk with business specific business assets. Lumension® Compliance and IT Risk Management streamlines and automates IT risk management workflows and consolidates security control, vulnerability assessment and business process survey data into a centralized dashboard view for clear, real-time security and policy compliance trending analysis.
By providing enterprise-wide visibility of the IT environment - including technology, processes and people - and prioritizing IT risk to focus on the greatest impact to the business, Lumension enables security professionals and business executives to demonstrate compliance, protect sensitive information, minimize brand and reputation loss, and address initiatives that improve the business.
With Lumension Compliance and IT Risk Management, you can:
1. Identify: Identify the criticality of IT assets and their role in the support of key business processes, and associate IT risk with those key resources.
2.Assess: Assess your technical and procedural controls for compliance using interfaces to Lumension and third-party tools and conduct non-technical Web-based surveys.
3. Remediate: Prioritize and address technical and procedural control deficiencies, assign and track status of remediation projects.
4.Manage: Create operational and strategic visibility compliance and IT risk posture across the organization. across compliance, IT risk and control environments with role-based and dashboard reporting.
Key Features:
| Solution Capability | Benefit |
Map Business Interests to IT Resources |
Aligns IT with Business Strategy Ensures that business strategy is always in alignment with IT resources including servers, applications, facilities and personnel. |
| Identify and Recommend IT Control Assignments Identifies and recommends required IT controls, including technical, procedural and physical, across various IT assets necessary to support internal and external regulations and control standards. |
Understand Necessary Controls to Ensure Compliance Ensures that controls across people, process and technology are identified to support specific requirements that an organization must address in order to be compliant and achieve greater security. |
| Harmonize Multiple IT Controls and Compliance Requirements Leverage the UCF to map multiple regulations to the required IT controls – more than 400 regulations covered 2400 controls. |
Streamline Compliance Efforts Harmonizes multiple internal and external compliance mandates into one framework to reduce the time, resources and costs needed to address multiple IT audits without duplication of controls.. |
| Identify and Prioritize IT Risks Identify the criticality of anticipated IT risks in support of business interests and compliance requirements. Supports “what if” analysis. |
Focus on What Matters Most Enables IT resources to be prioritized to mitigate the greatest amount of risk to the organization in support of critical regulatory and internal policy requirements. |
| Automate the Assessment of Technical Controls Automatically assess technical controls across a broad IT landscape and correlate these assessments for IT risk identification and prioritization, internal and external compliance and IT control adherence. Integrates with Lumension security products as well as third party vulnerability assessment tools. |
Streamline IT Operations Reduces time and resources required to perform technical control assessment across the organization. |
| Centralized Knowledge Repository Centralize all compliance and assessment data into a single knowledgebase for prioritization and optimization of IT risk remediation efforts. |
Consolidate Assessment Data Reduces disparate collection of data and streamlines IT audit processes. |
| Automated Web-based Assessment Workflow-based surveys collect, monitor and track information on procedural controls. |
Reduce Time to Assess Procedural Controls Streamlines the assessment and ongoing monitoring of procedural processes and controls. |
| Prioritization of Remediation Deficiencies Identify critical remediation tasks based on risk to the organization and in support of requirements. Utilize Lumension’s award-winning security solutions to effectively and efficiency address technical control deficiencies. Assign and track remediation activities. |
Optimize IT Resources Prioritizes remediation tasks to support critical internal and external compliance requirements. Enables you to monitor and track progress of remediation activities to reduce costs and increase efficiencies. |
| Supporting Evidence Documentation Append supporting documentation and evidence across workflow-based surveys. |
Limit Your Liability Ensures proof of compliance for procedural controls. |
| Assign and Manage Remediation Responsibility Identify roles and individuals responsible for remediating technical and procedural controls. |
Ensure Proper Resources Address Technical and Procedural Controls Improves audit and compliance workflows by ensuring the right resources are responsible for fixing controls in support of requirements. |
| Measure and Report on Multiple Regulations Deliver measurement and reporting on numerous compliance mandates across industry, government, and internal compliance requirements and best-practice frameworks. |
Reduce Time to Report on Compliance Reports across multiple requirements and frameworks to provide holistic measurement across the entire organization. |
| Compliance and IT Risk Dashboard Reporting Customize and deliver top down metrics and executive reporting across operational security, IT risk and compliance postures. |
Demonstrate Compliance Provides customized dashboard reports that deliver the necessary metrics by audience. |
| Role-Based Reporting Produce reports for diverse audiences throughout the organization, including auditors, management and IT operations. |
Ensure Visibility for All Stakeholders Delivers reports that satisfy internal and external auditors and communicate security gaps to IT operations teams as well as to non-technical business stakeholders. |
Documentation:
Download the Lumension Compliance and IT Risk Management Datasheet (PDF).