IT Risk Profiling
These features model the relationship between
IT assets and business interests to identify
IT-borne business risk. |
IT Asset Catalog
with Comprehensive Resource Types
IT Asset repository includes all resource
types, including applications, databases,
servers, networks, data centers, people,
and processes. |
Ensure Comprehensive
Visibility of IT Risk Exposure
Provides visibility into all areas of potential
IT risk exposure including IT assets, people
and processes. |
Business Interest
Mapping
Create a catalog of key information and
processes unique to your business that need
to be protected from IT risk. Business Interests
are mapped to Subjects (assets) to provide
a business risk context for IT resources. |
Correlate IT Risk
to Business Impact
Ensures risk-based analysis of your IT posture. |
Business Impact
Analysis through Stakeholder Surveys
Use stakeholder surveys to determine the
business impact of a risk scenario that
compromises the Confidentiality, Integrity,
or Availability of a Business Interest. |
Automate Survey
Workflow
Provides an automated, effective means for
identifying, capturing and incorporating
business stakeholder input into the risk
analysis process. |
Risk Profile Surveys
Use automated surveys to allow system owners
to set risk profile attributes for Subjects. |
Automate Previously
Manual Tasks
Provides an efficient way to obtain
system owner input into the risk analysis
process. |
Reasonably Anticipated
Risks
Automatically enumerate all of the reasonably
anticipated risks that should be mitigated
for each Subject. |
Effective Communication
of IT Risks to Business Audience
Natural language IT risk statements enable
the security team to clearly communicate
IT risks to non-technical audiences. |
Dynamic Groups
Define Subject groups with attribute-based
criteria. Membership in a group is determined
dynamically based on whether a Subject’s
risk profile matches the group’s criteria. |
Improve Visibility
into IT Environment
Provides flexibility and efficiency in metrics
and reporting. |
Patent-Pending
Risk Intelligence Engine
Analyzes each Subject’s risk profile to
automatically identify:
- Risks the subject is exposed to
- Required compliance mandates
- Controls that must be implemented to both satisfy compliance and mitigate risk
|
Optimize IT Resources
Automatic risk profile analysis saves time
over manual risk analysis practices. The
intelligence-based approach eliminates the
need for highly skilled security experts
to spend time performing manual risk analysis. |
IT Controls Framework
Harmonizes control requirements for compliance
mandates and risk mitigation. |
Controls Framework
Controls Framework includes technical, procedural,
and physical controls. |
Comprehensive Controls
Ensures comprehensive coverage and definition
of all control activities needed to ensure
compliance and mitigate IT risk. |
Unified Compliance
Framework (UCF)
Network Frontiers’ industry-vetted,
harmonized mapping of unique controls to
compliance regulations is developed and
maintained in collaboration with industry
experts, legal advisors, and standards-setting
bodies across global regulations. |
Support Multiple
Compliance Mandates
Automatically harmonizes IT control frameworks
with industry regulation requirements to
ensure that controls are reasonable and
sufficient to satisfy multiple compliance
mandates. |
Control Harmonization
Common controls (e.g. “Strong Passwords”)
are normalized into a single control, which
is cross-referenced to all standards and
regulations that call for the requirement. |
Assess Once, Comply
with Many
Eliminates overlapping control requirements
that result from multiple standards and
regulatory requirements. |
Compliance Library
Over 400 Regulations and Standards documents
are included with full cross-references
to supporting IT controls. |
Optimize Compliance
Workflows
Immediately understand the controls that must
be implemented on Subjects and avoid time
spent performing custom cross-walks across
multiple requirements documents. |
Internal Compliance
and Security Policy / Control Mapping
Import internal compliance and security
policies and cross-reference them to the
harmonized controls framework. |
Prove Compliance
with Internal Policies
Demonstrates compliance with internal policies
through a common assessment process. |
Controls Linked
to Risk Mitigation
Controls are automatically linked to the
risk scenarios they help prevent, detect,
or correct. |
Quickly Mitigate
IT Risk
Demonstrates how IT controls can mitigate
actual business IT risk. |
IT Controls Assessment
Automated assessment of technical, physical
and procedural controls. |
Workflow for Assessing
Physical and Procedural Controls
Automated risk assessment workflow provides
structure around the process of collecting
scores and evidence for physical and procedural
controls. |
Streamline IT Risk
Management Workflow
Saves time by organizing the data collection
efforts associated with scoring physical
and procedural controls into a single view. |
Automated Self-Assessment
Surveys
Send multiple-choice question surveys to
system owners to receive up-to-date control
implementation status. Once approved, survey
responses automatically update scores. |
Automate Previously
Manual Tasks
Saves time over in-person interviews and
manual data collection methods. |
Survey Delegation
Survey recipients can delegate surveys to
other team members as needed. |
Ensure Effective
Survey Workflow
Ensures that survey questions are routed
to the appropriate person to answer the
question without extensive up-front org-chart
discovery by the security team. |
Control Score Aging
Configurable timers track the age of every
control score to determine when controls
need to be re-assessed. |
Ensure Current
Assessment Information
Automatically detects when score information
has expired and needs to be updated to keep
compliance and risk metrics up-to-date. |
Interfaces to Security
Point Products
Built-in connectors to Lumension security
solutions and other third-party vulnerability
scanning tools collect operational security
data to automatically update control scores. |
Automate Vulnerability
and Configuration Assessment
Saves time by eliminating the need to manually
parse through technical security reports
to update high-level risk and compliance
control scores. |
Attachments for
Evidence Collection
Attachments on control scores provide evidence
of the asserted score. Attachments can be
files or URLs (for example, a URL to an
internal document repository containing
policies). |
Simplified Management
Provides a convenient way to manage the
myriad evidence artifacts required to demonstrate
the validity of self-assessment scores. |
Accountability
for IT Risk Scores
Every score record contains the UserID of
the user who made the change. |
Ensure Audit Accountability
Provides accountability for score information. |
Control Scoring
History
All historical control scores are automatically
archived. |
Proof of Compliance
Ensures that historical scoring information
is available when needed. |
Custom Control
Score Status Indicator
Score items within the assessment workflow
can be flagged to indicate status. |
Rapid Evaluation
of Control Scores
Flagging score status allows for quick triage
of scores that require follow-up. |
Auditor Self-Service
Scoring Panel
The direct score entry panel is optimized
for rapid scoring and data entry of assessment
test results. |
Optimize Audit
Results Documentation
Allows auditors and security analysts to
quickly document the results of their security
testing activities. |
Approval-Based
Workflow
Scores entered from self-assessment surveys
and the auditor self-service panel can be
reviewed and approved prior to committing
them to the permanent scoring record. |
Ensure Accuracy
of Scoring Information
Provides an opportunity for internal quality
assurance on scoring information, and ensures
that incorrect survey responses don’t affect
trend data or scoring history. |
Risk and Compliance Reporting
Generate reports and metrics to satisfy
a diverse risk and compliance audience. |
Compliance Reporting
Compliance reports demonstrate section-by-section
status of your compliance with industry
regulations, compliance mandates, and your
own security policy. |
Deliver Comprehensive
Reports
Provide detailed reports to satisfy internal
and external auditors. |
IT Risk Reporting
IT Risk reports catalog security gaps and
how they could affect key business interests. |
Measure IT Risk
to Business Impact
Communicate security gaps in a way that
is easily understood by non-technical business
stakeholders. |
Operational Security
Reporting
Operational security reports provide detailed
security gap information for departments
within IT operations. |
Deliver Metrics
for Rapid Security Enforcement
Communicate security gaps to IT operations
teams and set specific expectations on remediation. |
Risk and Compliance
Index
Distill mountains of security gap analysis
information into risk and compliance index
scores. |
Improve Internal
Communication Regarding IT Risk and Compliance
Provide simple metrics that communicate
your overall security, risk, and compliance
posture. |
Trending Analysis
Metrics on compliance, IT risk, and operational
security are trended on a daily basis. |
Quickly Determine
Trends
Demonstrate trends of security, risk, and
compliance program improvement over time. |
Key Performance
Indicators
Track the aggregate score for a user-defined
subset of controls and subjects against
a target value. |
Focus on Metrics
Vital to Your Business
Keep a watchful eye on specific areas of
interest with a simplified report-card view
of your security posture. |
Customizable Dashboard
Views
Combine existing dashboard widgets into
a personalized custom view. |
Highlight Metrics
that You Need to See
Allows individual users to easily view the
key metrics that are important to them. |
Consolidated Findings
Analysis
Employ the heuristics engine to effectively
analyze control scores to discover patterns,
such as a certain group of subjects that
contribute disproportionately to a poor
compliance score, or a certain type of control
that fails across a broad array of subjects. |
Ensure Rapid Remediation
for High Priorities
Quickly spot patterns in scoring information
that allow you to identify high-value remediation
efforts. |
Remediation Modeling
and Forecasting
Create "what-if" project scenarios to optimize
IT resources and see how a project or
remediation will improve your risk and compliance
metrics. |
Improve Operational
Efficiencies
Prioritize IT resources and remediation
efforts based on the impact to metrics,
and compare remediation projects by cost
and time estimates across all controls. |