To shed light on the disruptions occurring in interpreting risks, Insights Success has enlisted “The 10 Most Trusted ERM Solution Providers, 2018”, which are providing an innovative approach and framework in identifying risks and resolving them.

1. ERMSolution Providers 2018
Most Trusted10The
Tech Trend
Network Scurity
Threats & Soloution
Ingo Ernst
4Stop GmbH
CEO & Co-founderCompany of the year
September 2018
www.insightssuccess.com
Editor’s Prespectives
Embedded Systems are Gaining
Popularity across all Domains

4. n old Russian proverb asserts, “It’s not the wolves you see that you should worry about the
Amost, it’s the one you don’t see.” Risk acts in the similar way. Thus, it has become extremely
important for organizations to identify threats that could jeopardize their business objectives
or any of the critical strategy.
Though risk is an uncertain phenomenon, still it can be used to fuel innovation. It acts an opportunity
to instigate the change, as by taking a risk centric approach businesses can formulate a strategy for
success. Hence, by incorporating an integrated approach, Enterprise Risk Management (ERM),
businesses are achieving their goals and objectives, even when they encounter obstacles. It is
considered to be a strategic driver that assists businesses with the assessment of significant risks and
the implementation of suitable risk responses.
Risk management is more about making informed decisions with keeping risk in mind, rather than
managing risks. Considering the enterprise-wide perspective, through a sound ERM, businesses are
revisiting the approach to corporate strategy development to introduce more agility, adaptability, and
responsiveness to emerging threats. Being a new management discipline, ERM is enabling businesses
to continuously monitor the changes in the environment to determine which could be truly disruptive.
Companies are able to easily predict and respond to the waves of disruption.
Editor’s Note
Utilizing ERM to
Diminish Enterprise
Risk Factors

5. To shed light on the disruptions occurring in interpreting risks, Insights Success has enlisted
“The 10 Most Trusted ERM Solution Providers, 2018”, which are providing an innovative
approach and framework in identifying risks and resolving them.
The listing includes AuditComply, a risk & performance platform developing comprehensive
solutions for managing risk, quality, compliance and Environment Health & Safety (EHS), all in
one centralized platform; JCAD, a leading company which is streamlining risk management and
continuously striving to provide a personal touch at all customer touch points whether it be at
point of sale, during implementation or subsequent support; Riskonnect, the provider of true
integrated risk management solutions; Allgress, a global provider of automated next-generation
integrated Compliance IT Security, and Risk Management Solutions for organizations and their
business partners to effectively and efficiently manage business risk.
Also, featuring as the company of the year is 4Stop, a leading fraud prevention provider,
headquartered out of Cologne, Germany solving businesses risk-based approach (RBA) through
a modern, all-in-one KYC, compliance and anti-fraud solution.
Also, make sure to scroll through the articles written by our in-house editorial team and CXO
standpoints of some of the leading industry experts to have a brief taste of the sector.
Let’s start reading!
Hitesh Dhamani

6. 4Stop
Onboarding Customers
with Efficient Fraud
Prevention Services
10
Tech Trend
Network Scurity
Threats & Soloution
Editor’s Prespectives
Embedded Systems are Gaining
Popularity across all Domains
Pitching Excellence Industry Intel
Allowing Regulated
Entitiesto Connect and
Structuretheir Data
Interpreting Risks
Minimizing the
Adverse Effects of Risks
Eminence at
the Edge
Articles
14 28 34
22 40

7. ContentsAllgress Inc.
Innovation of
Compliance and Risk
Management Solutions
20
AuditComply:
A Comprehensive Risk
and Performance
Management Platform
26
JCAD:
Streamlining
Risk Management
32
Riskonnect:
Anticipating and
Managing the Risks
across Enterprises
38

9. sales@insightssuccess.com
Corporate Ofces:
September, 2018
Database Management Stella Andrew
Technology Consultant David Stokes
Circulation Managers Robert, Tanaji
Research Analyst Patrick James
Steve, Joe, Alan, Ajay
Anish MillerManaging Editor
Art & Design Director Amol Kamble
Associate Designer Kushagra Gupta
Visualiser David King
Senior Sales Manager Passi D.
Business Development Executives
Marketing Manager John Matthew
Jenny FernandesAssistant Editors
Ishan Mittal
Art & Picture Editors BelinPaul
Co-designer Sumit Lunawat
KhannaJayant
Peter CollinsBusiness Development Manager
Sales Executives
David, Kevin, Mark, Mayank
SME-SMO Executives
Prashant Chevale, Uma Dhenge, Gemson, Prasad
Online Marketing Strategists
Alina Sege, Shubham, Vishal
Digital Marketing Manager Marry D’Souza
Technical Specialists Amar, Pratiksha
Technical Head Jacob Smile
Copyright © 2018 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in
any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success.
Reprint rights remain solely with Insights Success.
Follow us on : www.facebook.com/insightssuccess/ www.twitter.com/insightssuccess
We are also available on :
Insights Success Media Tech LLC
555 Metro Place North, Suite 100,
Dublin, OH 43017, United States
Phone - (614)-602-1754
Email: info@insightssuccess.com
For Subscription: www.insightssuccess.com
Insights Success Media and Technology Pvt. Ltd.
Off. No. 513 & 510, 5th Flr., Rainbow Plaza, Shivar Chowk,
Pimple Saudagar, Pune, Maharashtra 411017
Phone - India: +91 7410079881/ 82/ 83/ 84/ 85
Email: info@insightssuccess.in
For Subscription: www.insightssuccess.in
Executive Editor
Contributing Editors
Abhishaj Sajeev
Bhushan Ghate
Editor-in-Chief Pooja M. Bansal
Hitesh Dhamani

10. Address :
Country :City : State : Zip :
Global Subscription
Date :Name :
Telephone :
Email :
READ
IT
FIRST
Never Miss an Issue
Yes I would like to subscribe to Insights uccess Magazine., S
SUBSCRIBE
T O D A Y
Che should be drawn in favor of:ck INSIGHTS SUCCESS MEDIA TECH LLC
Insights Success Media Tech LLC
555 Metro Place North, Suite 100,
Dublin, OH 43017, United States
Phone (614)-602-1754,(302)-319-9947:
Email: info@insightssuccess.com
For Subscription: www.insightssuccess.com
CORPORATE OFFICE

11. Management BriefCompany Name
Allgress Inc.
allgress.com
Jeff Bennett
President & Co-founder
Allgress is a global provider of automated next-generation
integrated Compliance, IT Security and Risk
Management Solutions.
Audit Comply
auditcomply.com
Kevin Donaghy
CEO
AuditComply is a Risk & Performance Platform. Developing
comprehensive solutions for managing Risk, Quality,
Compliance and Environment Health & Safety (EHS).
cytegic
cytegic.com
Elon Kaplan
CEO
Cytegic’s ACRO implemented, organizations can utilize risk as
the metric for prioritizing remediation plans.
eCompliance
ecompliance.com
Adrian Bartha
CEO
eCompliance is the leading software solution for improving
worker participation in safety.
JCAD is a leading company streamlining risk management and
strives its customer with valuable points like point of sale,
during implementation or subsequent support.
Proactima is a leading company with good management
competence, methods and practical experience that delivers that
through consulting services, tools and training.
Riskonnect, Inc. is the provider of true Integrated Risk
Management solutions.
Vose Software offers an integrated suite of state-of-the-art risk
analysis and management tools that give decision-makers
access to comprehensive and precise risk information,
FourStop GmbH
4stop.com
Ingo Ernst
Co-founder & CEO
4Stop, a leading fraud prevention provider, solving businesses
risk-based approach (RBA) through a modern, all-in-one
KYC, compliance and anti-fraud solution.
JCAD
jcad.co.uk
Damian Crawford
Managing Director
Proactima
proactima.com
Trond Winther
CEO
Riskonnect Inc.
riskonnect.com
Jim Wetekamp
CEO
Soteria Risk LLC
soteriarisk.com
David Young
Founder
Vose Software
vosesoftware.com
David Vose
Director
Soteria Risk, LLC is a technology based consulting firm focused
on Enterprise Risk Management.
1
Most Trusted
Solution Providers2018
THE

12. Onboarding Customers
with Efficient Fraud
Prevention Services
“We make it easy
to stay compliant.
Ingo Ernst
CEO & Co-founder
4Stop GmbH
”
Company of the Year
10 |September 2018

13. Headquartered out of Cologne, Germany, Fourstop
GmbH (4Stop) is a global leading fraud
prevention provider that solves businesses risk-
based approach through a modern, all-in-one KYC,
compliance and anti-fraud solution. 4Stop brings together
trusted information, managed services, software and
expertise – an unrivalled combination into a single end-to-
end solution that helps businesses confidently anticipate
risk and empowers them to make well-informed decisions.
All backed by quantifiable data to confidently manage
regulatory obligations and fraud risk to accelerate their
business performance.
4Stop is designed to remove the cumbersome process of
managing KYC, compliance and anti-fraud on a global
scale, per localized regulation, and in a manner that does
not require multiple integrations and drain on business
operations, IT departments, costs or time to market.
Through a single
API integration
businesses have
access to hundreds
of premium global
KYC data sources to
support compliance
and risk mitigation
in a fail-safe, future-
proof, simplistic and
real-time manner.
Combined with their
proprietary anti-
fraud technology
that services
enterprise-level risk
management with dynamic risk checks and granular risk
analysis intelligence, businesses obtain a centralized global
view of risk and can dramatically improve their
authorization rates and stop fraud before it occurs. With
4Stop, businesses effortlessly not only are compliant, but
stay compliant, combat fraud and grow their business
globally with absolute confidence KYC and risks are
managed.
Enabling Organizations to Easily Activate Required
KYC
The 4Stops’ technology enables businesses to easily
activate required KYC for seamless compliance and secure
customer onboarding. Through 4Stop’s multitude of
available KYC data sources businesses can activate and
deploy required KYC in real-time for each and every
customer journey touch point. Combined with 4Stop’s
cascading KYC verification logic, customers are validated
in the most efficient and cost saving manner possible.
4Stop backs their KYC performance with real-time
intelligence and redundancy to ensure the best data
enrichment experience is obtained. Through their platform
back office 4Stop provides intel on all activated KYC and
its associated data on performance volume, history,
approval, warning and rejected rates by each data source
type and customer journey touchpoint. Paired with the
ability to review this data and apply advanced filters by
merchant, country region, payment method and/or channel,
businesses have full control on the data that is displayed to
optimise their review processes.
The 4Stop KYC solution has been designed to allow
businesses to rapidly expand around the globe and to ensure
compliance requirements are adhered to, regardless of the
evolution of our
regulatory landscape.
Preventing Fraud in
an Efficient and
World-Class Manner
4Stop’s proprietary
real-time anti-fraud
technology allows
businesses to monitor
their traffic from a
global centralized view
of risk with
quantifiable data and
real-time intelligence.
The multi-faceted risk
rules engine allows for dynamic checking and securing of
customers and their transactions. With over 800 pre-
determined rules, an easy-to-configure rules wizard, agile
free-form rule scripting, and cascading ‘what-if’ rules, risk
managers can establish endless rule configurations with
real-time system actions and apply the rules to a specific
merchant, sub-merchant, group, region, type, time-frame
and payment method. All while being able to run rule
simulation reports and deploy their rules in real-time.
Furthermore, 4Stop provides a data rich dashboard, detailed
customer and transactional queues, reports, granular
customer profiles and overall data risk analysis
recommendations to quickly and easily understand volumes
in conjunction with risk indications at all touchpoints in the
customer journey. Layered with advanced filters by
merchant, sub-merchant, processing channel, and /or global
11September 2018|

14. region, businesses can view their risk exposure and rectify
it in minutes.
Businesses that have utilized 4Stops anti-fraud technology
experience a 66.6% reduction in chargebacks in the first 2
months with an average of 81.5% approval authorization
rate. The 4Stop data science analysis tools amplify these
results by allowing quantifiable decisions to be made prior
entering a new region and/or allowing businesses to tailor
configured KYC and fraud prevention to optimize
performance and significantly reduce their exposure.
Committed to the Risk Management Industry
Ingo Ernst is the CEO and Co-founder of Fourstop
GmbH (4Stop). He is a committed Fintech entrepreneur
with excellent technical knowledge, operations
management and supervisory skills gained over 15+ years
through undertaking a
series of highly
challenging roles
within the risk
industry for large
international
organizations. This
experience in
conjunction with his
extensive
involvement in
developing risk
management and
compliance software,
gave him great
understanding and
reliability to
businesses KYC, compliance and fraud prevention needs,
with the ability to effectively establish a resolution to those
needs and adapt proactively to the risk landscape.
Through Ingo’s career he implemented numerous
operational processes and managed multi-discipline teams
across continents to improve overall business performance
output and team culture. Ingo is a charismatic leader with
the ability to engage and inspire his team to create impact
and help businesses achieve their risk mitigation goals.
All founding partners of 4Stop have a background in the
payment and risk management space. Having worked in
executive positions at acquiring banks, marketplaces and
large scale eCommerce businesses, together they come to
4Stop with collectively over 60 years’ experience and a
depth of knowledge to not only how the risk industry
functions, but the trends in its evolution.
Financial Institutions (FIs), banks and their customers are
constantly managing the ever-changing regulatory
landscape and trying to find new streamlined and cost-
effective methods to integrate changes when they occur.
The founders of 4Stop through their experience, identified a
need and developed 4Stop’s complete end-to-end solution
to streamline businesses management of KYC, compliance
and fraud prevention in the most cost-efficient, streamlined
manner possible, regardless of where they perform their
business across the globe.
Painting the Picture of Future
4Stop continuously expands its platform functionality and
offering. Currently 4Stop is fully MLD4 and PSD2 ready
for businesses and has
over 1800 active KYC
data sources and
continues to integrate
and aggregate API’s
ongoing to support
future regulatory
obligations. In the
coming year 4Stop plans
on continuing to enhance
their platform through a
series of new UI/UX
implementations to bring
the best and intuitively
simple experience for
their clients.
Additionally, 4Stop will
further enhance their proprietary anti-fraud technology by
including; an expansion of their advanced analytics and
analytic data reporting, behavior and machine learning,
advanced account association with premium logic and
ongoing expansions to their KYC data source hub. 4Stop
has been built to not only fully support todays KYC,
compliance and anti-fraud processes but for 2020 and
beyond.
“At 4Stop, we can have up to 2,000 data parameters for a
single transaction. If you multiply that by millions of
transactions per day or sometimes even per hour, it’s tough
for global companies trying to achieve instant payments
under PSD2 to stay on top. With our 4Stop platform we
make it easy and cost-efficient for businesses to effortlessly
manage and stay abreast of their risk, compliance and
fraud prevention processes.”- states CEO Ingo Ernst.
12 |September 2018

16. xecutive Summary
ESince Internet of Things technology
started to gain mainstream traction,
multiple platforms, solutions and
strategies have been developed. At the
moment there are more than 450
‘platforms’ commercially available.
Yet, realistically speaking, most of
these have been designed for a very
specific function on out-dated
technology and mostly down a vertical
application path.
Similarly, gateway players have
developed powerful gateway
technology with a portion that
generically aggregates data to the
cloud.
Why? Well, historically, technology
companies argued that the best way to
quickly create commercial value was
to develop a strong vertically
integrated application encompassing an
ecosystem of partners.
The quickest way to show value was to
focus on a vertical and go after it. We
have a different view.
once mass adoption took place. This
was followed by an implosion which
saw a huge number of concepts, ideas
and investments disappear. A similar
trend is developing in the adoption of
IoT and in digitalisation in general.
Part of the demise of this is because
they were too early on the initial curve
and either ran out of cash, were unable
to build what they said they could, or
saw new, sexier, more agile technology
drive competitors closer to adoption.
The .com bomb was a rationalisation
and a reality for companies and their
investors resulting in fortunes being
made and lost in the hype. Timing is
key in driving Big Tech. If you’re too
soon, you are potentially busy
developing a concept that will not only
age quickly but give competitors
plenty to learn from and piggy back off
The true power and differentiator
in IoT.nxt resides in our full IoT
stack capability encompassing the
edge and the cloud.
Background
Our thinking from the outset has been
that we wanted to adopt thinking and
develop tech that creates horizontal
interoperability between multiple
systems and platforms in a technology
agnostic manner.
In 2002, it was all about the cloud.
Amazon Web Services was launched
and, when OPC Unified Architecture
was released in 2006 enabling secure
communication between devices, data
sources and applications, adoption of
IoT began to rise. The early adopters
developed their projects with the cloud
in mind. The thinking being a simple
connected mindset where billions of
sensors will be deployed and easily
spin up supercomputers at low cost in
the cloud to process all of this valuable
Big Data… how could they go wrong?
During the .com bomb era, people ran
around with amazing ideas that they
thought would take over the world
Pitching Excellence
14 |September 2018

17. allowing them to develop better tech that is more relevant
and value driven. Often a cool idea is exactly that - a cool
idea, but without real substance it doesn’t get wide
commercial adoption. The commercial viability ultimately
sits with the ability of a product to produce ‘real value’,
whether quantitative or qualitative.
And then there are the guys who make it.
Amazon, Alibaba, Google. They were unprofitable for a
number of years before they started to bear fruit simply
because they played the long game. They saw past the hype
and created products of real value. They made sure they
will be relevant in future economies.
The Importance of Timing
Timing is everything, and tech is hard to time
We entered this market at the perfect time. Two years in,
our solution is strong and businesses at enterprise level are
rallying to adopt Big Data technology. They’re embracing
VR, AR, AI, cognitive, algorithmic machine learning
technologies as they become a reality.
As irrelevant solutions are being seeded out, the IoT.nxt
approach to the problem of IoT is making us a major
contender; cementing our position in the market.
If we look at the solutions currently available, we
understand more than most of these ‘platforms’ have all
been built in the cloud. Five years ago everything was in the
cloud, it is therefore unsurprising that it is still dominating
IT discussions.
Anyone who has, up until this point, embarked on an IoT
initiative, has probably
1. built a solution that resides in the cloud;
2. leverages the power of the cloud and its ability to
centralise and leverage processing power from the
supercomputers that exist there;
3. adopted a top down approach incorporating the
cloud as the central power behind the application.
The Competitive Landscape
Looking at the IoT industry and where the ‘competition’
and ‘incumbents’ are in the current IoT cycle, it is evident
that IoT development are in a perfect bubble that I believe
is not far from rationalisation. I think it will be less severe
than 2000 as I think investors have been more calculated;
but there certainly will be a correction in the not so distant
future. Driving my belief in this is that you need this type of
event for eminence to be created. People need to start
understanding where the true value lies. The companies that
have the ability to lock into this IoT business value
proposition and convert that into investor value will survive
and will gain eminence. There are a number of great
technologies and concepts available but only the ones that
are able to truly unlock value will remain.
What Sets us Apart
The IoT.nxt approach has been somewhat different, defying
the norm and, to date, it is my firm belief that ours is the
only company that has this unique approach. Addressing the
problems of interconnectivity from the bottom up, our
solution acknowledges the power of the cloud and Big data,
but also acknowledges that power is greatly diminished or
even nullified if the edge layer is not correctly managed.
Our definition of interoperability and data orchestration is,
at times, diluted by platform players claiming to provide the
same. They don’t.
The general platform interoperability discussion talks to
cloud interoperability. This is a hugely complex play that
causes massive headaches for some of the most influential
players as they try to fathom how to seamlessly integrate
multiple platforms. API’s are the talk of the day, with the
current solution to solving this dilemma, but it is simply not
sustainable or practical. On a whiteboard it might look great
having several platforms integrated via API and then
plugging into some ESB via microservices, but I challenge
to you to construct all of that and take into consideration the
small part all of these guys initially did not deem necessary
– the edge.
This methodology is hugely reliant on smart sensor
technology that has the ability to push data into the cloud.
There’s a heavy reliance on networks and, as a result,
‘platforms’ are struggling to grapple with edge technology,
all the while hopeful that a 5G, no, 20G network will
resolve this problem.
At almost all the international conferences we have
attended in the last 24 months the major discussion has
been Big Data and smart sensors, so most of the more
mature platforms have been designed around the premise of
them being able to receive data directly from the sensor.
15September 2018|

18. The problem now is how to talk back
to the sensor or machine and, more
importantly, how to do this cross
platform. An even bigger issue
creeping to the forefront of discussions
are regarding ecosystems in which near
real-time data feeds are crucial.
Yet still, the focus is on the cloud and
understandably so, especially if you
have invested millions into a
technology that is reliant on the cloud.
We do not believe this.
For some time now we’ve been saying
that the edge is eating the cloud.
We’re not implying that the cloud will
lose relevance. What we’re saying is
that a true IoT ecosystem will become
less and less reliant on the cloud and,
in fact, that ecosystem design will rely
heavily on edge capabilities.
A natural oversight, but a crucial detail
destined to form an integral part of this
industry’s ability to commercialise in
the near future. The IoT industry is
inhibited by an inability to create
interconnectivity and
interoperability at the edge.
Retrofit and Decrease the Barrier to
Entry and Sweat the Assets.
Correctly designed and engineered,
edge technology enables edge
interoperability and, more importantly,
the ability to retrofit into legacy
systems. Legacy systems, to a large
extent, were disregarded, with current
players relying on the ‘rip and replace
‘mentality that has governed and, to a
degree, plagued the IT industry since
the beginning, befuddling brands that
have become household names.
This mentality of winner takes all is
not congruent with the ideation of a
connected world and certainly does not
embrace the concept of true scalability.
Having to rip out and replace existing
technology and infrastructure on your
journey towards digitalisation
introduces a huge amount of additional
complexity, disruption and a cost, all of
which makes it a difficult sale to the
business, contributing to the slow
adoption rate of the 4th Industrial
Revolution.
So whilst the ‘big dogs’ are all trying
to figure how they can develop and
ensure technology lock-in to secure
future revenue, they’re contributing
towards the mixed message that is
being sent out to the market, diluting
the value of IoT technology as a tool to
unlocking real business value.
Value is a simple exercise for any
business leader – Look at expenditure,
then ROI. Satisfied? Great. Here’s the
next question - is it relevant to my
business?
All Data is not the Answer.
When we enter into discussions with
big companies, the issue of legacy
investments in technology at the edge
comes up without fail. Remember that
everyone is selling some type of cloud
platform that is going to ‘change the
business’, but that cloud engine is
reliant on edge data i.e. devices,
sensors, machines, protocols, PLCs,
SCADAs, CCTV, access control
systems - the list goes on and on.
Clients start considering negotiating
with each vendor and realising that,
much like when our 1000 piece holiday
puzzles has 1 missing piece can ruin
the picture and make the whole
exercise seem futile. It’s the same with
many of the algorithms and predictive
applications - the true power of these
platforms lie in their ability to provide
companies with insights. For this they
are 100% dependent on having the
correct, filtered, aggregated, curated,
secure, real-time data from the edge,
and they need all the pieces of the data
puzzle to build the Big Data picture.
In every environment, on every piece
of the puzzle there is information that
is critical to the task at hand, and then
there’s other information that isn’t
needed in real-time. Things like
whether a device needs to be serviced
in a weeks’ time, whether stock is
going to be depleted by the end of the
month, etc. Now consider a sensor
having a fixed normal range, and only
recording exceptions rather than all
data all the time - you’re able to reduce
the amount of data passed by around
60%- 90% in real time monitoring
environments, as a basic statistic.
We are throwing away the rule book.
While the rest of the industry
scrambles to figure out how to
showcase the exponential value of IoT
whilst also attempting to lock clients in
to their technology stack, we’re taking
the IoT rule book and throwing it out
of the window.
We don’t care what technology our
clients have now, and what technology
they will have in five years’ time. We
don’t talk about vendors, we talk
protocols. We’re driving our clients to
get to Big Data quicker, using what
they have, thanks to our trademarked
Raptor.
Raptor technology is the missing link
in most of the discussions around
digitalisation. A normalised, edge
layer of physical and virtual
intelligence that can be retrofitted,
deployed and connected seamlessly
into an ecosystem of existing
technologies and things, radically
reducing the cost and time of having
to develop multiple edge integrations
into disparate cloud applications.
The IoT.nxt Power-play
Being able to retrofit onto all deployed
devices, whether analog-, or IP-based
has a huge benefit.
16 |September 2018

19. Ÿ It reduces disruption to business processes,
Ÿ cost of implementation,
Ÿ cost of training,
Ÿ cost and impact of enterprise-wide change management,
Ÿ reduces vulnerability and cyber risk because of less
technology disparity at the edge,
Ÿ reduces data moving across the network that
Ÿ reduces the cost of the network and network congestion,
Ÿ reduces processing required at the cloud platform level as
the data has already been curated at the edge,
Ÿ reduces the cost associated with maintenance of edge
integrated gateways,
Ÿ has less attack surface at the edge as the gateways are
rationalised and
Ÿ simplifies real-time subsystem integration
All of this allows us to better leverage the power of our
cloud platform as we can now understand the up-, and down-
stream effects of an event-triggered occurrence and effect
dynamic and seamless recalibration and interoperability
throughout ALL edge connected devices.
We ensure that all the pieces of the puzzle are in the box, and
ready to be pieced together to create the big picture.
Conclusion
Edge normalisation of data at the edge gateway layer form
the foundation for rapid digitalisation and digital
transformation. The disruption that everyone talks about is
vested in the ability for an organisation to continue its
business but iteratively and rapidly start to address the core
issues within its business through digitalisation. This leads to
more visibility on a real-time basis allowing for dynamic
recalibration back into the business ecosystem to achieve
optimised levels of production and efficiency that bring
about change and new ways of doing the same thing, better.
Peer-to-peer intelligence and learning will further drive this
thinking – Raptor thinking - making us even more relevant
as the necessity to drive edge analytics and decision making
in critical business environments nullifies the cloud. Are you
with me?
If you control the edge you unlock the cloud, a bottom up
approach.
17September 2018|

22. Today organizations are staying ahead with
innovative solutions to proactively manage and
enhance the reliability of the business. By executing
its unique solutions and activities which help them to take
advantage of opportunities to grow in the competitive
business world organizations are finding new ways to tackle
risks. Analysis of risk and solving them also play a crucial
role in the transformation process.
Allgress Inc. is a global provider of next-generation
integrated risk management IT Security, Compliance and
Risk Management Solutions for organizations to manage
their risk posture. Its unified solutions automate processes
for assessment, reporting, monitoring, and remediation of
business risks with less complexity and also reduced
management costs. Unlike other solutions, Allgress’ award-
winning technology allows customers to derive quicker-
time-to-value without an army of consultants.
Allgress Addresses the Continuum of these challenges
with an Intergrated ERM Solutions Suite:
· Changes in technology, business evolution, new
and updated regulations plus hard requirements
demanded from third-party vendors will continue
to evolve at a fast pace.
· Organizations will continue to be challenged using
spreadsheets and manual methods of risk
management which will continue to raise financial
loses.
· Automated platforms will continue to evolve to
overcome the losses and challenges of dis-
connected risk management.
· Lack of agility to identify, communicate and
respond timely to changing risks and regulations.
· Complicated methods to integrate solutions
together so customers can utilize their existing
investments
Pioneers in Risk Management Expertise
Jeff Bennett, President, COO, and Co-Founder and
Innovation of Compliance and
Risk Management Solutions
Gordon Shevlin, CEO and Co-Founder,
Jeff Bennett leads Allgress’ Business Operations, Product
Direction, and Development. Jeff brings more than two
decades of Business Leadership, Product Development, IT
Security and Compliance industry experience to the
company. As an entrepreneur, he has founded and led
several companies, including digital defense services firms
SiegeWorks and SiegeWorks International. He also
frequently speaks at industry events to emphasis business
risk management solutions.
Jeff has also served on the advisory boards of other leading
security providers. He holds a Bachelor of Science Degree
in Business Administration from California State University
at Hayward.
Jeff and Gordon have a relentless drive to create a win-win
partnership with customers and company partners along
with the input of their internal teams to achieve innovative
product and solution expansion. The rapid pace of change
in business, technology, and computing requires creative
thinking to reduce business risk. True to their passion, their
efforts of keeping pace with the rapid change have
leveraged the Allgress platform to identify business risk
with less complexity and cost.
Wide Array of Cutting-Edge Solutions
Allgress provides an intuitive modular integrated risk
management platform comprised of shared services that
focus on helping customers and their partners to reduce
business risk quicker with less complexity and cost. Its Risk
Management platform includes data collectors, assessment,
workflow, reporting, and incident management to correlates
relevant data across regulations, assets, policies, controls,
processes and business elements of their organization and
partners to clearly identify potential business from a single
dashboard.
"We help our customers buy solutions by understanding
their specific use-cases regarding solving challenges that
Allgress Inc.
20 |September 2018

23. Jeff Bennett
President & Co-Founder
specifically focusing on their organization. We engage with
our customers to develop proof of concepts to determine to
solve their real-world risk management challenges then we
introduce new solutions and technology where there are a
business benefit and partnership to develop solutions
further," note Jeff Bennett.
Providing All-inclusive Platform
The current non-automated approach to risk, compliance
and third-party vendor management has led to increased
complexity and lack of accountability. Usage of disparate
spreadsheets, document, email and separate solutions has
led to disjointed solutions. This method of risk management
continues to put organizations at a greater business risk
because of the inability to assess, communicate and
mitigate risks.
This common scenario leads to the lack of common
platform services to enable automation and standardization
of managing the entire risk management lifecycle. That’s
where a common infrastructure enables the efficient and
cohesive management of risks by consolidating the
information from multiple sources to provide an intelligent
enterprise view aligned with business objectives.
Allgress provides a complete integrated Risk Management
Solutions Suite that provides a common infrastructure that
automates the entire risk, compliance and IT security, third-
party vendor process without the complexity seen in other
offerings.
Benefits of the Allgress Innovative Approach
· Flexible delivery options for rapid deployment
· Leverages data feeds from existing investments in
other business and technical solutions
· Visual representation of risk posture, compliance
status and state of third-party vendors that is easily
interpreted by different stakeholders
· Quick time to actionable results
· Intuitive GUI for the administer and user
· Simple License Model
Offering Unified ERM Solutions
Allgress is continuing to evolve its platform to
accommodate the changing environment by providing
features and functions to enable better decision making to
improve the risk management process and organizations
risk posture.
Endeavoring Future Goals
Allgress is continuously advancing its risk management
platform to automate more tasks and making it easier to
manage business risk with a focus on usability. The firm has
also enhanced its functionality according to the need of its
customers to supports new features of computing models
and technology. Allgress’s risk management platform has
the ability to continuously consume more IT data sources
and business metric data along with the goal of
incorporating artificial and business intelligence. It also is
an exemplary management platform that will contribute to
better risk management decision-making by taking
advantage of advancements in technology.
Reducing business
risk with less
complexity and cost.
”
”1
Most Trusted
Solution Providers2018
THE
21September 2018|

24. ovember 3, 1988, is considered as a turning point
Nin the world of Internet. 25 Years ago a Cornell
University graduate student created first computer
worm on the Internet, “Morris Worm.” The Morris worm
was not a destructive worm, but it permanently changed the
culture of the Internet. Before Morris unleashed his worm,
the Internet was like a small town where people thought
little of leaving their doors unlocked. Internet security was
seen as a mostly theoretical problem, and software vendors
treated security flaws as a low priority.
Today, there is a paradigm shift, Morris worm was
motivated more by intellectual curiosity than malice, but it
is not the case today. According to a 2015 Report, 71% of
represented organizations experienced, at least, one
successful cyber attack in the preceding 12 months (up
from 62% the year prior).
According to survey report, discloses that, among 5500
companies in 26 countries around the world, 90% of
businesses admitted a security incident. Additionally, 46%
of the firms lost sensitive data due to an internal or external
security threat. On average enterprises pay US$551,000 to
recover from a security breach. Small and Medium business
spend 38K.
Incidents involving the security failure of a third-party
contractor, fraud by employees, cyber espionage, and
network intrusion appear to be the most damaging for large
enterprises, with average total losses significantly above
other types of the security incident.
Let’s Take a Look at Recurrent Security Threats Types-
Denial of Service Attacks
A denial of service (DoS) attack is an incident in which a
user or organization is deprived of the services of a resource
they would normally expect to have. These attacks are very
common, accounting for more than one-third of all network
attacks reviewed in the report. A standard approach is to
overload the resource with illegitimate requests for service.
Brute Force Attacks
Brute force attack tries to kick down the front door. It’s a
trial-and-error attempt to guess a system’s password. The
Brute Force Attack password cracker software simply uses
all possible combinations to figure out passwords for a
computer or a network server. It is simple and does not
employ any inventive techniques.
Identity Spoofing
IP spoofing, also known as IP address forgery. The hijacker
obtains the IP address of a legitimate host and alters packet
headers so that the regular host appears to be the source. An
attacker might also use special programs to construct IP
packets that seem to originate from valid addresses inside
the corporate intranet.
Browser Attacks
Browser-based attacks target end users who are browsing
Threats
NETWORK SECURITY
Threats
&
SolutionsSolutions
Editor’s Prespectives
22 |September 2018

25. the internet which in turn can spread in the whole enterprise
network. The attacks may encourage them to unwittingly
download malware disguised as a fake software update or
application. Malicious and compromised websites can also
force malware onto visitors’ systems.
SSL/TLS Attacks
Transport layer security (TLS) ensures the integrity of data
transmitted between two parties (server and client) and also
provides strong authentication for both sides. SSL/TLS
attacks aim to intercept data that is sent over an encrypted
connection. A successful attack enables access to the
unencrypted information. Secure Sockets Layer (SSL)
attacks were more widespread in late 2014, but they remain
prominent today, accounting for 6% of all network attacks
analyzed.
Network Security is an essential element in any
organization’s network infrastructure. Companies are
boosting their investments in proactive control and threat
intelligence services, along with better wireless security,
next-generation firewalls and increasingly advanced
malware detection. The U.S. Federal Government has
spent $100 billion on cyber security over the past decade,
$14 billion budgeted for 2016.
Increased use of technology helps enterprises to maintain
the competitive edge, most businesses are required to
employ IT security personnel full-time to ensure networks
are shielded from the rapidly growing industry of cyber
crime. Following are the methods used by security
specialists to full proof enterprise network system-
Penetration Testing
Penetration testing is a form of hacking which network
security professionals use as a tool to test a network for any
vulnerabilities. During penetration testing IT professionals
use the same methods that hackers use to exploit a network
to identify network security breaches.
Intrusion Detection
Intrusion detection systems are capable of identifying
suspicious activities or acts of unauthorized access over an
enterprise network. The examination includes a malware
scan, review of general network activity, system
vulnerability check, illegal program check, file settings
monitoring, and any other activities that are out of the
ordinary.
Network Access Control
Network Access Controls are delivered using different
methods to control network access by the end user. NACs
offer a defined security policy which is supported by a
network access server that provides the necessary access
authentication and authorization.
Network Security is a race against threats, and many
organizations are a part of this race to help enterprises to
23September 2018|

26. secure their network systems. Organizations like IBM, Symantec, Microsoft have created solutions to counter the global
problem of network security threat. These cutting-edge products show genuine promise and are already being used by
enlightened companies.
Good Network Security Solutions Traits
A real security solution should have four major characteristics;
Detect Threats
Targeted attacks are multi-faceted and specially designed to evade many point technologies attempting to identify and
block them. Once they are inside, the only way to find these cyber threats is to understand the behavior of the individual
attack components and use analytics to understand their relationships.
Respond Continuously
Today it is not important that an organization will be attacked, but important and more crucial is to identify when and
how much they can limit the impact and contain their exposure. This means having the capability to respond quickly
once the initial incident has been discovered.
Prevent Attacks
Malware is gettings quick-witted day by day. They utilize heuristics to change their code dynamically. A capable
solution should have an adaptive architecture that evolves with the changing environment, and threats today’s business
faces.
Integration
Today’s threats have multiple facets, and a single software or solution is not sufficient. Protection system should have
the capability to integrate with other security tools from different vendors to work together as a single protection system,
acting as connective tissue for today’s disjointed cyber security infrastructure.
Solutions In Market
Like infectious diseases, cyber threats will never be eradicated entirely, but they can be better contained and understood,
and their effects minimized. How can this be achieved? IBM has built an enterprise-level “immune system,” an adaptive
security architecture to battle today’s cyber pathogens. IBM has developed a vast fleet of products, QRadar, X-Force
Threat Intelligence, Trusteer Pinpoint Malware Detection, IBM Threat Protection System a dynamic, integrated system
to meddle the lifecycle of advanced attacks and prevent loss.
The IBM Threat Protection System integrates with 450 security tools from over 100 vendors acting as connective tissue
for today’s disjointed cyber security infrastructure.
Symantec is another major player in catering enterprise network security systems with Symantec Advanced Threat
Protection. Symantec ATP operates via a single console and works across endpoints, networks, and emails, integrating
with Symantec Endpoint Protection (SEP), and Symantec Email Security cloud, which means organizations do not need
to deploy any new endpoint agents. Symantec says, ATP is the only threat protection appliance that can work with all
three sensors without requiring additional endpoint agents. With ATP, Symantec’s goal is to deliver end-to-end threat
protection, prevention, detection, and response in a single pane of glass, offering more value to businesses than
individual point products can provide. Symantec Advanced Threat Protection combines multiple layers of prevention,
detection, and response.
24 |September 2018

28. Risk is one of the fatal flaws, organizations often
witness. Unmanaged risks can become the greatest
source of waste in a business as well as the
economy as a whole. Identifying risks and analyzing them
in a planned and organized manner has become a requisite
for the successfully completion of projects for every
organization nowadays. Thus, a discipline or a strategy of
interpreting and managing risks must be undertaken by
businesses in order to avoid the adverse affection of risks
and compliances in the operations or processes of the
organization. Taking this scenario of the market into
consideration, a risk and performance management
platform, AuditComply, is developing comprehensive
solutions for managing risk, quality, compliance and
Environment Health & Safety (EHS), all in one centralized
Risk & Performance platform.
A Centralized Platform
The company, which has grown rapidly since it was set up
in 2014, provides software and services to organizations
operating within highly regulated industries such as
aviation, automotive, finance, healthcare and
manufacturing. A list of large customers include Autoliv,
Coca-Cola, Belfast Health & Social Care Trust, Sysco and
Bushmills. Recently AuditComply was awarded a place on
the G-cloud government framework and was shortlisted for
Risk Management Software of the year at the CIR Risk
Management awards.
The fast growth of AuditComply in the last 4 years comes
from its ability to deploy its solution into an organization’s
processes within minutes. AuditComply counts in hours
and minutes, instead of months and years. It has a single
solution designed for multi-site global deployment with
local management. Its comprehensive & configurable
enterprise workflow and desktop/mobile app are the
perfect match for providing greater flexibility and
visibility, instant reporting and real-time insights. Through
this, the company gives organizations the ability to
embrace change every day without software vendor
intervention.
Servings Shaping the Future of Risk Management
AuditComply is a data-driven and SaaS-based solution to
monitor risk and controls, spot hazards/issues, mobilize
action and measure performance. The company’s powerful,
scalable, and advanced analytics engine is trusted
worldwide by organizations, as it helps them in uncovering
data insights to drive better business decisions. Its data-
intensive and high-level management software is suitable
for manufacturing, government bodies, food, aviation,
automotive and healthcare industries.
“Our world class development team gives AuditComply a
competitive edge within the market. Their continuous high
level of innovation has acted as the catalyst for an
extremely successful year for the company” said Richard
Wilson, Marketing Manager at AuditComply.
Organizations operating in regulated industries face an
ever growing and increasing challenge to demonstrate
compliance, manage and mitigate risk, whilst maintaining
AuditComply:
A Comprehensive Risk and
Performance Management Platform
AuditComply:
26 |September 2018

29. and exceeding quality levels. To this
end, AuditComply is driven by this
opportunity and challenge and one that
it truly has an innovative solution to.
The company is shaping the future of
risk management, adding value from
day one for their clients and ultimately
building a platform that allows for
digital transformation whilst enabling
business process optimization. It meets
the demand for the need to detect,
report and manage processes in an
intelligent system approach.
A Tech Enthusiast
A Techno geek, Kevin Donaghy,
CEO, founded AuditComply with an
aim of shaping the future of enterprise
risk management.
Kevin has led teams and companies
from the earliest stages of development
through commercialization and hyper-
growth phases. He started his career
with WPDS in San Diego as a software
engineer focused on Equipment
Configuration Management systems
for air forces across the globe. He
quickly progressed to run multiple
teams for Spirent Communications
both in Ireland and the US. Kevin then
founded Swan Labs which specialized
in WAN optimization and was acquired
by F5 Networks in 2005. In 2007, he
founded Replify which focused on
mobility optimization and
virtualization. Through his own
consultancy, Kevin has worked for web
security firm Blue Coat Systems on
mobile optimization strategy and on
multiple projects from mobility,
security and virtualization to online
GRCl platforms. Kevin holds a PhD in
Computational Fluid Dynamics from
Queen’s University Belfast. Kevin
holds a PhD in Aeronautical
Engineering, an MSc in Computational
Science and a BSc in Mathematics
from Queen’s University Belfast.
Moving towards the Vision
AuditComply has a great vision of
what a risk and performance
management platform can have for
their customers. It can truly transform
and manage risk in real-time for large
organizations, adding to their
bottom line through improved
supplier due diligence and on-
going assessment, better internal
quality control and ultimately
better custom service.
AuditComply’s future goal is to
become the leading platform in
the risk and performance
management, with the ability to
consolidate document
management and governance
risk/compliance demands and
requirements into the one
platform. This will transform how
they manage risk through fully
connected drivers of policies, to
the assessment and management
of the evidence seamlessly.
Customers Expressing their
Satisfaction
“AuditComply’s solution has
greatly improved our productivity
for both internal audits and
production checklists. We found
the assistance in moving existing
audits to their solution excellent
and seamless. Their approach and
services simply work” - Michael
Caughey, IT Support Specialist,
Bushmills
“AuditComply is playing a crucial
role in changing the risk, quality
compliance culture. A world-
class system, a game changer in
our industry. We required a
solution that was mobile,
automated our data and could be
accessed in real time to ensure we
are meeting quality standards
across the supply chain.” - Johnny
Elgin, Technical Manager, Sysco
AuditComply continues
to see rapid growth
year on year. Listening to
our customer’s requests
and working towards
delivering a product
that exceeds their
expectations is vital. It
is amazing to be part of
such a fantastic team,
building a solution
that really meets
both the market and
customer demands.
“
”
—Kevin Donaghy
CEO
27
1
Most Trusted
Solution Providers2018
THE
September 2018|

30. W
hat are the latest trends in business world? An
impressive raise in regulatory, compliance and
risk management requirements together with
an exponential growth of data that corporations struggle to
manage. The idea behind Governance.com is a spot-on
observation and vision of our founders, Bert (CEO) and
Rob Boerman (CTO) to allow regulated entities to connect
and structure their data.
As a Regtech, our purpose is to allow our clients to
structure and simplify their data and control their business
by building their workflows, checklists and activities
around it. Governance.com is a totally flexible and
customizable central system which can be interfaced with
legacy and external systems of our clients. All their data
and operational flows are centrally linked and easily
accessible via our platform. This explains our continuous
growth and recognition among the industry (winning
Fintech of the year Award in 2016 in LU, included on
Fintech 50 2018 and Global 100 Regtech in 2017).
We all know that a revolutionary vision and performant
system do not guarantee commercial success. Regtech is a
relatively young concept which has to show all its potential
and concrete value to traditional companies. I truly believe
that the key for a successful collaboration lies on an open
and transparent communication. The biggest concern and
pain point of Regtech companies is the lengthy decision and
procurement process of the companies. There is no point to get
frustrated on this as we have no control on this process. I
believe the optimal way to build long-lasting relationships is
to focus on the challenges, needs and culture of our clients. An
intensive risk assessment, a multi-layer decision taking and
procurement process is part of the DNA of the regulated
companies we are talking to. So, either deal with it or stay
aside for Regtech CCOs.
This is one of the first strategic decisions I have taken as
Commercial Director: rather than beginning to talk how
marvelous and innovative our solution is (and I truly believe
Governance.com is an awesome platform) we always begin
discussions by asking our contacts:
Ÿ How do you manage your business?
Ÿ What would you like to achieve with it?
Ÿ What are you biggest pains?
st
Ÿ Who are the users? What is the 1 thing they will do on
Governance.com?
Based on their feedback, second step is to show the features
and functionalities of our platform adapted to their needs.
During the advanced negotiations phase, we aim to underline
our concrete support and value:
28 |September 2018

31. Olus Kayacan, CCO of Governance.com, has over 20
years of experience in Financial Markets including prime
brokerage and asset management with a substantial
network of Institutional Investors, Retail and Private
Banks, Brokers, Asset managers, Family O ces and
Corporates. His career has allowed him to meet
extremely exciting, interesting and professional
individuals every single day. He has successfully
participated to the launch development of
several businesses and overachieved commercial
targets on each of them.
Ÿ Define together the Return on Investment of the project:
our aim is to achieve 600% ROI within 3 years
Ÿ Focus on Simplicity of our platform: our motto is that a
system is useful and will be used massively if it is
simple to use
Ÿ Propose Agile and timely Implementation: tech means a
quick, easy and efficient deployment
Ÿ Close follow-up of their activity: our Business Support
experts are easily accessible during the entire process
and afterwards to assist our clients in case of need
This approach is the key for the strong and long-term
relationships.
It is also vital to integrate the decision-making and
procurement variables very early in the process. Regtech is
a new concept and Senior Management and Decision-
Makers are sometimes informed of the procurement process
once they have decided to use our platform. A pro-active
and continuous support is the key to be able to work with
them quicker and help them throughout the process.
This, I believe, is the reason of our success and our
shortened relationships activation compared to our industry
standards. We are all so proud to be part of this exciting
adventure, which allowed us to grow from 2 to 17 FTE with
offices in Luxembourg and the Netherlands
We have many exciting challenges for the upcoming year:
Ÿ Continue our international expansion by partnering with
high-quality organizations and direct presence via local
offices. We plan to be present in the UK during 2018
and extend to US and Asia during 2019 to get closer to
our clients worldwide.
Ÿ Ensure continuous enhancement of our functionalities
by listening to our clients
Ÿ Implement Machine Learning and AI functionalities we
are working on our platform
Financial Regulation and Compliance costs around 780 BN
$/year: 1% of Worldwide GDP! This is why it is so exciting
for me to work within tech and being able to participate to a
sustainable economy by providing a cost-efficient, safer and
user-friendly solution!
Governance.com
29September 2018|

34. Every organization,
large or small,
across every sector,
needs to understand and manage the
threats to achieving its objectives. Over
the years, ERM has continued to grow in
importance. In the opinion of JCAD, risk
management used to be a tick box exercise that
would be completed, perhaps shared with a couple
of stakeholders and not looked at again for another 6
months or so.
Now, the business pace has quickened and become more
complex. The significant technology enhancements
available today make the world much more accessible and
this in turn makes the risks facing an organiza on vast.
Events have a much more immediate effect on
organizations too, partly down to the visibility and
accessibility that social media and smart phones bring.
Compliance and legislation have had to tighten due to these
changes, for example, changes to data protection (GDPR).
Risk management is less about managing risks and more
about making informed decisions with risk in mind. This
approach has allowed risk management to be considered as
a business wide concern rather than siloed as its own
department. JCAD’s risk management solution, CORE,
allows for any risk to be linked back to strategic objectives.
This centralized solution allows for consistent information
to be available to the whole business and for more informed
decisions to be made.
A family-owned business, JCAD envisions becoming a
globally recognized brand delivering cost effective business
assurance, claims handling and risk management
technologies. This confidence stems from over 25 years of
successful software development and a client base of over
200 organizations all of whom recognize the value that
JCAD brings to their business. JCAD continuously strive to
provide a personal service at all customer touchpoints
Streamlining Risk Management
Damian Crawford
Managing Director
JCAD:
32 |September 2018

35. whether at point of sale, during implementation or
subsequent support. In fact, it is JCAD’s friendly team of
consultants and developers that are the firm’s greatest asset
ensuring that products are innovative, easy to use and
well supported; in this way clients improve efficiency,
productivity and thus save money.
Delivering Intuitive, Functional and Long
Lasting Products
JCAD develop two distinct business
applications, CORE, which provides enterprise
risk and compliance management and LACHS,
which delivers claims handling functionality. Both
systems have been developed with input from our client
and prospect base thus ensuring that the systems are easy to
use, functionally rich, cost effective and quick to
implement. In Damian Crawford’s opinion the decision to
focus on ‘off the shelf’ solutions is what has made JCAD so
successful, that and great customer care. “We took the
decision many years ago to concentrate on delivering robust
solutions straight from the box. This makes implementation
far quicker and training much easier as all clients utilize the
same suite of tools in pretty much the same way with
minimal disruption”. The company offers a standardized
approach that replicates industry best practice but also
enables a level of configuration of certain elements that are
client specific.
Taking Family Business Further
As a family-run business, John Crawford founded the
company in 1991. Having now retired, John has passed the
mantle to his two sons, who now lead the company. One of
his sons, Damian Crawford, serves as the Managing
Director of the company. Damian’s role involves
overseeing the continued development of its company,
employees and customers. Alongside this role, he also
heads up JCAD’s product design and development. Having
been with the company since 1995, he has a full
understanding of its customers claims handling and risk
management requirements with his key aim to continue to
listen, deliver and exceed expectations.
Paramount Lessons Learned
JCAD believes in sticking to one or two technologies and
doing them well. According to the company, keeping things
simple is more likely to engage users than an overly
complex tool that can at best confuse and at worst alienate
stakeholders. Over the years, it has also learned that client
communication is the vital component to run a successful
business. It understands the customers’ problems and
provides simple solutions.
Client testimonials
“The Council required a better way of managing its risks,
rather than the disjointed arrangements we had using Excel
and Word. JCAD CORE has enabled us to report with the
most current data across strategic, operational and
programme/project risks. It has the flexibility in the format
of reports, so we have a ‘corporate’ look but enables
bespoke reporting that is designed by our own JCAD
administrator.” - Pam Pursley, Risk Manager, Somerset
Council.
“The team was very helpful during implementation and
continues to be very responsive to questions. Even with our
6-hour time difference, they make it work. We are very
pleased with the product and use it as an electronic database
of our enterprise risks.” - Joda Morton, Risk Manager,
University of Illinois.
We aim to have a
measurable and positive
impact on our clients’
business performance and
processes to help them
achieve business growth.
‘‘
1
Most Trusted
Solution Providers2018
THE
33September 2018|

36. Has the number of security issues you deal with on a
routine basis ever made you feel a bit like Atlas carrying
the world on your shoulders? I can’t tell you the number
of conversations I’ve had with discontented security practitioners
who lament to me the woes of trying to speak with management
about the latest Heartbleed or Spectre/Meltdown vulnerabilities and
‘management just doesn’t understand’. Even worse, when
management inevitably turns a blind eye to the issue, the security
practitioner worries that they’ll be searching for a new job if
the vulnerability is ever exploited. As the Information
Security Program Owner at National Instruments for over
eight years, I frequently find myself offering up the
following bit of advice to my compatriots who are
struggling with what to do in this situation.
When I first started the security program at National
Instruments, I had these same feelings of anxiety. The
tools that I was using to scan our networks, systems,
and applications were coming up with vulnerabilities
left and right, but there were few things that I had the
ability to fix. I had to go to another team, explain what
had been found, and then I had to somehow try and
convince them that they needed to fix it. In some cases
they humored me, but in many cases the result was that
my vulnerabilities were just another bug that they’d get
Minimizing the
Adverse
Effects
of Risks
Josh Sokol
Creator CEO
SimpleRisk
34 |September 2018
Interpreting Risks

37. to when they had time. The weight of all of these
unmitigated issues was crushing me. I knew that if I
didn’t find a better way to do things, then I wouldn’t last
long in that role.
I quickly came to realize that my role as a security
practitioner never was to fix the vulnerabilities that I
found. That was the function of the application
administrators. Nor could I control the resources and
roadmaps which determine the prioritizations of the
various mitigations. That role belongs to members of the
business. My primary function as a security practitioner
was to assist in identifying the issues, advise on how to
mitigate them, and ensure that the right stakeholders are
aware and educated so that they could make the most
informed decision possible for the business. In short, my
role was that of a risk manager and my job was to drive
visibility and accountability of the risks the organization
is accepting to the stakeholders who are accepting them.
To formalize the processes around my newly found risk
management role, I did quite a bit of research around
what others were doing. Eventually, I stumbled across
the NIST SP 800-30, a Risk Management Guide for
Information Technology Systems. I’ll admit that it
wasn’t the most titillating document I’ve ever read, but
the content really helped to solidify what our risk
management process needed to look like.
To start with, I needed a way to track all of the risks that
we were collecting through various assessment processes
in our environment. This system, typically referred to as
a risk registry, would become the aggregation of risks
found in our organization through vulnerability
assessment, auditing, interviews, vendor notifications
and many other sources. In order to be successful, I
needed a system that everyone could access quickly and
come across a risk in their environment and a system that
allowed them to enter a minimal amount of data about
the risk so that they could get right back into what they
were doing when they identified the risk. I would then
use that information to later populate the details myself
or to schedule time on their calendar to fill me in. My
system also needed a way for me to understand the
prioritization, or risk level, of the risks I was capturing.
Once the risk had been recorded, I needed a way to track
how we were going to handle the risk. Possible options
ranged from accepting the risk because the likelihood
and impact were within what we considered to be a
tolerable range to planning some sort of mitigation for
the risk. I needed a way to understand the level of effort
involved so we could balance those costs against the risk
level.
If my ultimate goal was to drive visibility and
accountability up the chain of management, my last step
was to have a process for who would perform a review
of the risks. I decided to use a combination of the team a
risk is assigned to and the risk score. Since risk
management is designed to be a cyclical process with
risks re-evaluated on a routine basis, I also used the score
to determine how often the risk would be reviewed.
Most of the organizations I speak with these days about
risk management start out using complicated formulas on
excel spreadsheets, but there are tools called
‘Governance Risk and Compliance’ (GRC) that can help
you with this endeavor. There range options from open
source tools like ‘SimpleRisk’ to more expensive options
like ‘Archer’. It depends on how complicated you need
your workflows to be and how many resources you can
afford to spend to run the program.
I started this discussion with the person telling me that
‘management just doesn’t understand’. The fact of the
matter is that management doesn’t understand because
they weren’t speaking the same language. Your business
understands risk because they use it every day to make
calculated decisions about the investments it is making.
Risk is the language of business and shifting the focus of
your conversations to risk will ensure that everyone is on
the same page and that you are not only viewed by
management as an excellent communicator, but also a
stellar security professional helping to guide the
organization in proper risk management. Not only that,
but you will sleep better at night after shedding that
weight off your shoulders and placing it back on the
solid risk management foundation on which it belongs.
35September 2018|

40. Many organizations are sensitive to the inherent
risks in their businesses, and constantly struggle
to enable a continuous flow of feedback on
residual risks and solutions.
But, in many ways, the stakes are higher, and the risks are
greater today. Simply put, to remain competitive today,
corporations must consider risk management as a critical
component of their operations. Without it, a firm can hardly
define its future objectives. And if a company defines its
objectives without taking the risks into consideration, it
may lose its direction if uncertain risks hit their operations.
Riskonnect identified this ongoing scenario, and started
helping organizations address it through an integrated risk
management platform. Riskonnect was founded with three
elements in mind: being a customer-centric organization,
serving as an application of leading technology, and
enabling organizations to manage all types of risk.
An Integrated Risk Management Platform
Riskonnect is the trusted, preferred source of integrated risk
management technology. The company offers a growing
suite of solutions on a world-class cloud computing model
that enable organizations to better manage risks across the
enterprise. It is a sophisticated technology platform
delivered on SaaS basis that covers both insurable and non-
insurable risks. It allows organizations to holistically
understand, manage and control risks to operate more
efficiently and positively impact shareholder value.
Riskonnect’s highly configurable technology is ideal for
forward-thinking organizations facing increased scrutiny
and accountability for corporate governance, strategy and
strategic risk. The company’s solutions help their customers
plan and respond intelligently to risks that could potentially
harm an organization and its corporate reputation.
An Industry Veteran
As the company’s innovation continues to advance, so does
its leadership. Jim Wetekamp recently joined the
organization as CEO. He has more than 20 years of
extensive experience in leading organizations. Before
Riskonnect, Jim was CEO at BravoSolution, a Chicago-
based cloud procurement solutions provider for three years.
He led the firm to an increasingly global footprint with a
continuing profitable growth.
Jim’s hiring came on the heels of a strong first quarter for
Riskonnect, including being named as a Leader in The
TM
Forrester Wave : Governance, Risk, and Compliance
Platforms, Q1 2018, and a finalist in the Atlanta Business
Chronicle’s 2018 Pacesetter Awards.
Responding Risks through its Unified Solutions
Riskonnect’s integrated risk management technology
solutions address insurable and non-insurable risks,
enabling organizations in various vertical markets to make
informed strategic decisions by tracking, analyzing,
connecting and mitigating risks along with a holistic view
of risk management.
Its broad range of solutions includes enterprise risk
management, risk management information systems, health
and safety management, audit management, compliance and
regulatory management, vendor risk management, business
continuity management, and healthcare risk management.
In addition, Riskonnect offers a single, unified, and
automated risk-assessment tool that provides critical insight
into all the strategic and operational risks across the
enterprises to align with the risk tolerance of the
organization. Its integrated risk management addresses risks
across a variety of levels in the organization, including
strategy and tactics, covering both opportunities and threats.
38
Anticipating and Managing the
Risks across Enterprises
M
|September 2018

41. Designing the Future of ERM
Successful ERM programs will require GRC technology to
improve executive-level risk awareness and visibility and to
drive action at the operational levels. Many organizations
feel compelled to embrace ERM due to regulatory
demands, while the company believes that all the
organizations must employ the innovative program.
An effective ERM program can serve as the ‘voice of
reason’ in the executive suite. Effective ERM programs
provide a platform for organizations to evaluate decisions
about reserves, investment levels and funding of key
initiatives. Thus, ERM programs should expand their use of
data and analytics, instead of simply studying a single event
that had a significant impact to a series of events that have a
significant impact. Additionally, risk management
organizations should monitor trending events in an attempt
to solve the problem sooner, which results in having a more
positive financial impact on the organization.
Riskonnect’s vision is to continue to grow in scale that is
measured by the breadth of its offerings across the risk
spectrum, the breadth of its reach in terms of industries and
geographies, and the depth of its value-added experience
and support to drive customer success.
Statements of Appreciation
“With Riskonnect, there is more time to focus and spend
more time on the analytics as opposed to the data
gathering.”- National Food Company
You all have designed, developed, tested and
implemented a risk management Information
System with deployment to 37 countries
(including developing the training
materials and training almost 100
users in those countries) in just 5
months! You guys are awesome,
and while we still have worked to
do, I want you to know how proud
I am of what has been done and
how much I appreciate all those
midnight hours spent on
bringing this project home.”-
Jackie Hair, Executive Director,
Risk Management - Corporate
Ingram Micro, Inc.
1
Most Trusted
Solution Providers2018
THE
“We are the
trusted, preferred source
of Integrated Risk
Management technology.
”— Jim Wetekamp
CEO
— Jim Wetekamp
CEO
39September 2018|

42. n today’s emerging world,
Isystems have bought an ease of
work due to its inherent
advancements and features. The
embedded system is one of the most
imperative subjects in the digital
world. Thinking about technology,
daily lifestyle essential devices like
mobile phones, tablets and laptops
come to our mind, but the internal
features is not known to most of us.
The presence of these devices is
almost inevitable in all facades of the
human endeavor. In order to
understand more about the operations,
functions and features of embedded
systems, it is defined here ahead.
Embedded Systems -It is an electronic
system incorporating hardware
integrated circuit with software
programming techniques for
delivering various projects solutions.
The main advantage of using an
embedded system is it helps to reduce
the complexity of the circuits which
becomes expedient. It also offers a
cost effective and an appropriate size
which is suitable for the system. This
electronic system can perform single
or multiple tasks based on the
application. An embedded system
consist of hardware such as power
supply kit, central processing unit,
memory devices, timers, output
circuits, serial communication ports
and system application specific circuit
components and circuits.
Types of Embedded Systems
The Embedded systems are classified
into categories such as
· Based on its performance and
functional requirements
· Performance of the
Microcontroller
The category- based on its
performance and functional
requirements are classified into four
types that are Stand alone, Real time,
Networked, and Mobile embedded
systems. Further, the category-
performance of the microcontroller is
classified into three types that are
small scale, medium scale and
sophisticated embedded systems.
An Excellent Application Provider
The embedded systems are highly
applicable as it is a special-purpose
system due to its unique
characteristics. It is used in a
diversified area of things as its
components and functions of
hardware and software are different
for each system. It is applicable in
areas like communication, space,
transportation, robotic systems, and
home appliances and many more.
EMBEDDED
SYSTEMS
POPULARITYARE
GAINING
ACROSS ALL DOMAINS
40 |September 2018
Tech-Trend

43. Real Time Applications of Embedded
Systems
As it has a vast variety of application
domains it differs from high expense
to low, consumer electronics to
industrial equipment, academic
equipment to entertainment devices
and from weapons to medical
instruments and aerospace control
systems. Here goes some of the
categories embedded systems are
used:
Ø Consumer electronics- Mobile
phones, videogame consoles,
digital camera
Ø Household appliances- Washing
machines, microwave ovens,
refrigerators
Ø Medical Equipment- CT Scanners,
heartbeat monitors,
electrocardiogram
Ø Automobiles- Antilock braking
systems, air-conditioner controls,
electronic fuel injection systems
Ø Industrial Applications- Assembly
lines, multiple parameter
monitoring systems, data collection
systems
Ø Aerospace- Navigation systems,
guidance systems, GPS
Ø Communications- Routers,
network hubs, satellite phones
Progression of Embedded Systems
over the Decade
With changing times, inventions have
become a routine in the world of
technology; the embedded systems
have also undergone some salient
modifications. In the existing times,
the embedded technologies are
responsible for the intellectual
capabilities of utmost modern devices,
for both consumers as well as
industrial. To present this in a simpler
manner, the embedded systems not
just control the lifestyle devices like
microwaves, smartphones, tablets,
and other consumer electronics but
also directs the telecommunication
systems, submarines, ATMs, and
many more.
The upper echelons in the field of
embedded technologies have created
some innovative technologies over the
last decade which is highly admired.
Multi-core processors, virtualization,
the expansion of devices with
improved security requirements,
64-bit processors and new chip
manufacturing processes are some of
41September 2018|

44. the innovative achievements.
Embracing such innovative technologies addresses the scale of the market and the number of its players which
include companies like semiconductor suppliers, system software development, and mechanical components
suppliers, system software development companies, and mechanical components suppliers. The embedded systems
market leaders include national and international renowned companies.
Advancing with Multifunctional Features
With the advent of multi-functional engineering, the next age of wireless communication systems is encouraging a
new level of technology integration. Incorporating effective measures like progressive data rates, great connectivity
for systems such as the Internet of Things (IoT), less power consumption, and other striving goals can be achieved by
joining advanced digital, RF, and antenna technologies.
An embedded system which performs multiple applications is known as a multi-mode embedded system as it
dynamically recomposes the system functionality. Moreover, an embedded system which additionally assists
multiple tasks to be executed in a mode is known as a multi-mode multi-task embedded system. The multi-material
additive manufacturing processes offer the potential for multi-functional parts to be manufactured in a single
procedure. To utilize the potential benefits of the developing technology, analysis, new designs, and optimization
methods are needed. Such methods are facilitated in the optimization of a multifunctional part by pairing both the
structural design aspects and system. An application development platform known as Multifunctional Embedded
Application Platform (MEAP) is used to create customized applications.
Trends to Watch
Developers should constantly keep an eye on the trends and make appropriate use of the latest advances in
techniques and technologies. Some of the trends include Internet of Things (IoT), processor technology, storage,
artificial intelligence and, virtual and augmented reality. Also, there are several trends like embedded security, real-
time visualization; cloud connectivity and Bluetooth mesh networking, low power consumption and optimization
that will help developers working with microcontroller-based solutions.
Elevating with Time
Over the years, embedded systems have come a long way and contributed to every aspect of the industrial sector. All
the devices or appliances used in our daily lives are designed in such a way that can be used without creating
difficulties using the embedded systems. Taking this into account, in coming times every object around will consist
of a either a small processor or sensor embedded within itself. Even though it is invisible to the naked eye it still
connects with multiple other devices to make the lives more allied and accessible than ever before. Using embedded
systems, wonders like driverless cars, fully automated factories, adaptive home appliances and many more devices
have successfully been created.
In the upcoming times, the embedded systems are looking forward to evolve with technologies that will assist large
data storage dimensions, faster communication and highly linked connections among the devices.
42 |September 2018