RiskWatch for Information Systems™ is the most accurate, comprehensive way to conduct governance, compliance and risk assessments based on international standards including ISO 17799, ISO 27001, COBIT 4.0 and Sarbanes-Oxley (SOX). The RiskWatch for Information Systems™ software includes a simple web-based questionnaire application. This can also be used on an internal server, or hosted, to facilitate the gathering of responses from management and IT system users. Respondents simply answer the questions, and their answers are imported for analysis. Combined with a full threat assessment, control analysis and patented algorithms, RiskWatch automatically analyzes all data and creates management reports detailing compliance vs. non-compliance, backed up with a complete set of working papers. Return on Investment is calculated for each safeguard, and a Case Summary Report is generated to show Compliance vs. Non-Compliance, Protection Levels, and Annual Loss Expectancy Data by Asset Category, Threat or Loss Impact Category. The report demonstrates which security measures are most effective for your organization, and which ones give you the most bang for your buck.
It can be installed on your desktop PC or network server and it eliminates 50%-70% of the work of doing a manual risk analysis. It includes an Asset Configuration Tool, based on a standard capital expenditures allocation, so that you can instantly populate asset information fields. Default data on threat frequencies, and the cost of applicable safeguards (controls) is included.
Here's What a Major Software Analyst Firm Had to Say:
"RiskWatch is set apart by its focus on risk analysis for security management, its extensive knowledge base for all areas of security, its ability to handle large volumes of information, and the volume and flexibility of its customizable features. RiskWatch not only calculates risks through standards and universally accepted methodologies and technologies, but it also builds and provisions intelligent structures of enterprise policies, and regulatory and industry compliance for ongoing assessments and audits."
34. Data Aggregation & Analysis: Software Automatically Analyses Over 3 Million Linking Relationships. [Diagram linking Risk to Asset, Loss, Threat and Vulnerability. Loss: Delays & Denials, Fines, Disclosure, Modification, Direct Loss. Asset: Applications, Database, Financial Data, Hardware, System Software. Threat: Disclosure, Hackers, Fraud, Viruses, Network Attack, Loss of Data, Embezzlement. Vulnerability: Acceptable Use, Disaster Recovery, Authentication, Network Controls, No Security Plan, Accountability, Privacy, Access Control.]
36. The Case Summary Report is a Word Document and is Pre-Written as a Management Report
37. EASY TO UNDERSTAND GRAPHS ILLUSTRATE OVERALL COMPLIANCE VS. NON-COMPLIANCE AGAINST A PUBLISHED OR INTERNAL STANDARD
39. Accompanying Spreadsheet Gives Complete Information about Answer Details. Lists the actual number of answers that indicated compliance or non-compliance.
43. ALE (Annual Loss Expectancy) reports include complete audit trails and powerful analysis tools to automatically analyze potential losses. [Chart: Annual Loss Expectancy by Type of Loss]
44. SAFEGUARD REPORT -- LISTS TOP TEN RECOMMENDED CONTROLS BY RETURN ON INVESTMENT