RiskWatch for Information Systems™

RiskWatch for Information Systems™ is the most accurate, comprehensive way to conduct governance, compliance and risk assessments based on international standards including ISO 17799, ISO 27001, COBIT 4.0 and Sarbanes Oxley (SOX). The RiskWatch for Information Systems™ software includes a simple web-based questionnaire application. This can also be used on an internal server, or hosted, to facilitate the gathering of responses from management and IT system users. Respondents simply answer the questions, and their answers are imported for analysis. Combined with a full threat assessment, control analysis and patented algorithms. RiskWatch automatically analyzes all data, and creates management reports detailing compliance vs. non-compliance, backed up with a complete set of working papers. Return on Investment is calculated for each safeguard and a Case Summary Report is generated to show Compliance vs. Non-Compliance, Protection Levels, Annual Loss Expectancy Data by Asset Category, Threat or Loss Impact Category. The report demonstrates which security measures are most effective for your organization, and which ones give you the most bang for your buck.

It can be installed on your desktop PC or network server and it eliminates 50%-70% of the work of doing a manual risk analysis. It includes an Asset Configuration Tool, based on a standard capital expenditures allocation, so that you can instantly populate asset information fields. Default data on threat frequencies, and the cost of applicable safeguards (controls) is included.
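The description above outlines a metrics-based model: asset values, threat frequencies and vulnerability-driven exposure give an Annual Loss Expectancy, and each safeguard's default cost, maintenance and life cycle yield a return on investment that ranks controls and shows cumulative loss reduction. The Python below is an added illustration of that approach, not RiskWatch's code or its patented algorithms; it uses the textbook definitions (ALE = asset value × exposure factor × annual rate of occurrence; annualised cost = purchase cost / life-cycle years + maintenance) and constructed sample figures.

```python
# Added example (not RiskWatch code): ALE / safeguard-ROI model of the kind the slides describe.
from dataclasses import dataclass
from math import prod

# Constructed sample exposures: (asset, asset value, threat, annual rate of occurrence,
#   exposure factor 0..1 set by the vulnerability level). Real cases use inventory/incident data.
EXPOSURES = [
    ("Customer DB", 500_000, "Hackers", 0.5, 0.4),
    ("Customer DB", 500_000, "Loss of Data", 0.2, 0.5),
    ("Financial Data", 300_000, "Fraud", 0.3, 0.2),
]

def ale(exposure):
    # Annual Loss Expectancy = single loss expectancy (value * exposure factor) * ARO
    _, value, _, aro, ef = exposure
    return value * ef * aro

@dataclass
class Safeguard:          # default cost, maintenance and life-cycle values, as on the slides
    name: str
    cost: float           # one-time purchase cost
    maintenance: float    # annual maintenance cost
    lifecycle: float      # expected life in years
    effect: dict          # (asset, threat) -> fraction of that ALE the control removes
    def annual_cost(self):
        return self.cost / self.lifecycle + self.maintenance

SAFEGUARDS = [
    Safeguard("Access control", 40_000, 5_000, 4,
              {("Customer DB", "Hackers"): 0.6, ("Customer DB", "Loss of Data"): 0.2}),
    Safeguard("Backups / DR plan", 20_000, 4_000, 5, {("Customer DB", "Loss of Data"): 0.8}),
    Safeguard("Fraud monitoring", 90_000, 20_000, 3, {("Financial Data", "Fraud"): 0.5}),
]

def total_ale(safeguards=(), exposures=EXPOSURES):
    # ALE left after a set of controls; overlapping controls stack multiplicatively (two 50% controls remove 75%, not 100%)
    return sum(ale(e) * prod(1.0 - s.effect.get((e[0], e[2]), 0.0) for s in safeguards)
               for e in exposures)

def safeguard_report(safeguards=SAFEGUARDS, exposures=EXPOSURES):
    # rows of (name, annual loss reduction, annual cost, ROI, cumulative reduction adding controls in ROI order)
    base, rows = total_ale((), exposures), []
    for s in safeguards:
        saved, cost = base - total_ale([s], exposures), s.annual_cost()
        rows.append((s.name, saved, cost, (saved - cost) / cost, s))
    report, chosen = [], []
    for name, saved, cost, roi, s in sorted(rows, key=lambda r: r[3], reverse=True):
        chosen.append(s)
        report.append((name, saved, cost, roi, base - total_ale(chosen, exposures)))
    return report
```

With the sample data the backup plan ranks first (ROI 4.0), access control second, and fraud monitoring shows a negative ROI because its annualised cost exceeds the loss it removes.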

Here's What a Major Software Analyst Firm Had to Say:
"RiskWatch is set apart by its focus on risk analysis for security management, its extensive knowledge base for all areas of security, its ability to handle large volumes of information, and the volume and flexibility of its customizable features. RiskWatch not only calculates risks through standards and universally accepted methodologies and technologies, but it also builds and provisions intelligent structures of enterprise policies, and regulatory and industry compliance for ongoing assessments and audits."

Presentation Transcript

  • Software for Enterprise Risk Assessment RiskWatch ® Annapolis, Maryland
  • New Emphasis on Risk Assessment
      • Importance of Information Technology
      • IT has become the important part of most organizations
      • New federal and international standards require more IT risk analysis
      • Regulators are requiring more security risk analysis
    • Governance, Risk & Compliance = Accountability
      • Sarbanes Oxley has increased the accountability of management
      • New regulations for financial institutions require every institution, including banks, credit unions and technical service providers, to complete a risk analysis.
  • Increased Requirements for Security Risk Assessments
    • Governments are instituting requirements or expecting that companies will perform security risk assessments. Assessments can include identification of threats, vulnerabilities, and, based on both, an analysis of security gaps and mitigation strategies. Some of the assessment requirements also require that companies identify the most critical assets and propose plans to protect core business functions and human assets.
  • RISKWATCH ®
    • Incorporates continually updated regulatory requirements and guidelines (ISO, FFIEC, GLBA, PCI, HIPAA)
    • Easy to navigate; guides the user through the entire process
    • Completely customizable by the user
    • Identifies and quantifies risk by using the relationships between asset, threats, loss probability and vulnerability
    • Automatically produces complete management-ready compliance and risk assessment reports
    A comprehensive and integrated software tool that automates the surveying, data collection, analysis and reporting for risk assessment and its on-going management.
  • RiskWatch Uses Compliance Regulations, Standards and Guidelines
    • Information Security / ISO 17799
      • ISO/IEC 17799:2005
      • ISO/IEC 27001
      • COBIT 4
      • Federal Information Systems: NIST 800-53, NIST 800-53 Physical Security
      • Army Field Manual Best Practices
      • FEMA 426 – Protecting Buildings Against Terrorism
      • C-TPAT (Customs-Trade Partnership Against Terrorism)
      • ASIS Threat Guidelines
      • Campus and School Security: FEMA 428 – Primer to Design Safe School Projects
    • Financial & Regulatory Compliance
      • FFIEC Audit Framework for Information Security and for Risk Analysis
      • Red Flag Identity Theft Rules
      • Bank Secrecy Act (BSA)
      • PCI Data Security Standard
      • Sarbanes Oxley Act
      • GLBA (Gramm Leach Bliley Act)
    • HIPAA Compliance
      • Health Insurance Portability and Accountability Act of 1996
    • Electric & Nuclear Compliance
      • NERC CIP 002-009 (North American Electric Reliability Council, Critical Infrastructure Protection)
      • Nuclear: NRC (Nuclear Regulatory Commission) & NEI
  • WHAT’S RISKWATCH?
    • Since 1993, RiskWatch has been the Leader in Security Risk Assessment Software
    • NIST-CSE Model Builder’s Workshop on Risk Assessment & the NSA Rating Model Workshops 1988 - 1995
    • Participated in the Working Group to Write DOD Directive on Risk Management under the Office of the Secretary of Defense, 1996-1998.
    • Participated in Dept. of Justice Working Group on Vulnerability Assessment Models for Homeland Security, 2003
    • ASIS International, Information Technology & Security Council IBM Data Governance Council – Caroline Hamilton
  • RiskWatch Solutions
    • RiskWatch for Information Systems & ISO 17799
    • RiskWatch for Financial Institutions
    • RiskWatch for Credit Unions
    • RiskWatch for PCI
    • RiskWatch for Federal Systems
    • RiskWatch for HIPAA Compliance
    • RiskWatch for Healthcare Security
    • RiskWatch for Electrical Utilities (NERC)
    • RiskWatch for Nuclear Power (NEI-NRC)
    • RiskWatch for Physical & Homeland Security
    • CASEWORKS
  • RISKWATCH ® Value
    • Reduces time involved in performing a Risk Analysis by 70%
    • Users are able to customize software to fit their own profile
    • Meets audit requirements for risk assessment
    • Content is frequently updated and shipped to users.
    • Web-based survey process – involves management and user community.
    • Quantifies risk and provides ROI metrics
    • Automated report generation including working papers and complete management-ready case summary report
  • RISKWATCH ® Risk Assessment Process (diagram: Automated Survey Management, Process Management, Data Aggregation & Analysis, Content (Rules & Data), Risk Analysis, Customization, Reporting; participants: Respondents, Analyst)
  • RiskWatch Clients
  • RiskWatch is The First Choice in Security Risk Assessment Software
    • Proven Methodology - Field Tested with Users for over Ten Years.
    • Fully Automated Web-Based Survey Included
    • Completely Customizable by Users
    • Rated #1 by Gartner Group and Many other Analysts
    • First Choice for Top Tier Consultants
    • Validated by Major Government Agencies in the U.S., Canada, Africa, Australia and Europe.
  • Why RiskWatch Stays Number One
    • “What sets RiskWatch apart from its competitors is its focus on risk analysis for security management, its ability to handle large volumes of information, and its large number of customizable features.” -- Gartner Group
    • RiskWatch has Thousands of Users
    • Complete Technical Support – Gold & Platinum Levels of Support
    • Ambassador Program for Extra Support
    • Comprehensive Training Programs Monthly
    • On-Site Training Also Available by Request
  • RiskWatch Adds Business Continuity & Disaster Recovery Planning Integrating Risk and Recovery
  • RiskWatch Elevates IT Security Compliance Up to the Boardroom
    • Discovers and validates vulnerabilities present in the organization.
    • Directly measures compliance with current IT requirements: RiskWatch for IS and ISO 27001 with SOX
    • Includes current threat level data.
    • Measures effectiveness of security controls.
    • Supports budgeting for security by ROI.
  • Progress at a Glance – Tracks the Case
  • ELEMENTS OF A METRICS-BASED RISK ASSESSMENT APPROACH: ASSETS, THREATS, VULNERABILITIES, LOSSES, SAFEGUARDS
  • ADAPTABLE FOR EITHER QUALITATIVE (COMPLIANCE ONLY) ASSESSMENTS OR FULL RISK ASSESSMENTS
    • Analyst has full control over type of assessment.
    • Allows users to conduct a variety of risk assessments:
      • Compliance Assessment Only
      • Risk Assessment Only
      • Both Compliance & Risk Assessment
      • With financial data or without
  • Use Inventory Information or Asset Configuration Tool based on Standard Capital Expenditures Allocation Tables
  • RISKWATCH PROVIDES AGGREGATED THREAT DATA OR INPUT YOUR OWN ORGANIZATIONAL DATA SUCH AS INCIDENT REPORT DATA
    • Quantified threat data is hard to find.
    • Categories of Threats:
      • Natural Disasters, Criminal Activity
      • Terrorism, Theft, Systems Failures
    • Collect data from Web Sources, government data, weather data, crime casts, global info services, access control systems, incident logs.
    • Use data from internally collected sources
  • THREAT TABLE IS FULLY CUSTOMIZABLE BY THE USER BASED ON INCIDENT DATA OR PEN TEST DATA
  • INCLUDES ALL RELEVANT VULNERABILITY AREAS
  • QUESTIONS CAN BE TAILORED BY THE USER AND CATEGORIES CAN BE SELECTED FOR EACH SPECIFIC ANALYSIS
    • Questions Follow Audit Format
    • Control Standard, Question Statement and Related Vulnerability
    • Users Set Threshold for Compliance
    • Each Question Measures Vulnerabilities
    • Users can Add, Delete or Modify Questions
  • YOU CAN SELECT QUESTIONS THAT MAP EXACTLY TO THE ISO-17799 STANDARD OR ANY OTHER STANDARD
  • Each question uses actual security regulations as control standards and is linked to appropriate Functional Areas
  • Respondents Can Answer Questions over the Web or from an Internal Server with full ASP functionality
  • Respondents answer questions based on their job categories -- most surveys have 50-100 questions
  • Blue shading shows which questions have already been answered.
  • or Use The New Web-Based RWSURVEY
    • Allows users to create and distribute surveys on a subscription basis and automatically send out surveys
    • Questions Follow Audit Format
    • Control Standard, Question Statement and Related Vulnerability
    • Users Set Threshold for Compliance
    • Each Question Validates Compliance with Standards
    • Users can Add, Delete or Modify Questions
    ANALYSTS CAN CUSTOMIZE AND CHANGE QUESTIONS
  • INCLUDES ALL RELEVANT IT CONTROL CATEGORIES
  • EACH POTENTIAL SAFEGUARD INCLUDES DEFAULT VALUES FOR COST, MAINTENANCE AND LIFE CYCLE
  • Data Aggregation & Analysis: Software Automatically Analyses Over 3 Million Linking Relationships. Risk = Asset – Loss – Threat – Vulnerability (diagram of linked examples: Asset: Applications, Database, Financial Data, Hardware, System Software; Loss: Delays & Denials, Fines, Disclosure, Modification, Direct Loss; Threat: Disclosure, Hackers, Fraud, Viruses, Network Attack, Loss of Data, Embezzlement; Vulnerability: Acceptable Use, Disaster Recovery, Authentication, Network Controls, No Security Plan, Accountability, Privacy, Access Control)
  • RESULTS FROM THE RISK ASSESSMENTS
    • Measurable data which can be benchmarked
    • Proves validity of findings with full audit trails and creates results in spreadsheet format
    • Use of recognized statistical probability models
    • Creates a completely automated report, tailored for management
  • The Case Summary Report is a Word Document and is Pre-Written as a Management Report
  • EASY TO UNDERSTAND GRAPHS ILLUSTRATE OVERALL COMPLIANCE VS. NON-COMPLIANCE AGAINST A PUBLISHED OR INTERNAL STANDARD
  • Vulnerability Distribution Report Shows Percentage of Compliance by Requirement
  • Accompanying Spreadsheet Gives Complete Information about Answer Details: lists the actual number of respondents who indicated compliance or non-compliance.
  • Track Compliance by Role or by Name
  • Graphs and Spreadsheets also Detail Compliance by Standard
  • Reports Detail Asset Values for the Information Systems
  • ALE (Annual Loss Expectancy) reports include complete audit trails and powerful analysis tools to automatically analyze potential losses. (Chart: Annual Loss Expectancy by Type of Loss)
  • SAFEGUARD REPORT -- LISTS TOP TEN RECOMMENDED CONTROLS BY RETURN ON INVESTMENT
  • Return On Investment Graphs Link to Detailed Spreadsheets
  • Justifies the Security Budget by Demonstrating Cumulative Loss Reduction by Combinations of Controls
  • THE BOTTOM LINE
    • Risk Analysis Requirements for Information Security Systems are Increasing, Driven by Desire for Corporate Compliance
    • Measuring and Managing IT Security and Compliance by Return on Investment gives you the ‘best bang for the buck’
    • RiskWatch is the best way to meet risk analysis requirements, self-assess compliance by requirement, quantify areas of weakness and focus security controls in the right areas and in the right amounts.
  • RiskWatch, Inc. [email_address] Caroline Hamilton 410-224-4773 x105 www.riskwatch.com