Agiliance Risk Vision


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Agiliance Risk Vision

  1. 1. Agiliance RiskVision 4.0 “Not only did the IT Risk Management and Compliance Automation Platform Agiliance solution alleviate some immediate pain through automation of the seemingly never-ending list of compliance assessments, I believe it will ultimately help us implement a proactive and cost effective risk management strategy.” Agiliance RiskVision™ is a complete IT • Improves risk management efforts: risk and compliance management system Agiliance RiskVision supports an — Shane Fuller, designed to help organizations keep pace “always-on” proactive approach to risk Information Security with the expanding requirements of IT management that helps companies gain & Compliance Manager, compliance and operate at their highest enterprise-wide visibility into risks and RSA Insurance level of performance. With powerful risk reliably report on current IT risk exposure. management and automation capabilities, • Supports effective governance: companies can reduce compliance related Agiliance RiskVision allows organizations costs by up to 70% and improve oversight to measure and report on the of IT compliance initiatives. Our integrated IT effectiveness of risk and compliance risk and compliance management platform initiatives, better align IT strategy with is being used by some of the world’s largest strategic business goals, optimize companies to solve their most pressing existing security investments and IT issues including business continuity resource usage. This combined with management, vendor risk management advanced risk methodologies and and compliance management. dynamic modeling allows businesses to make risk-informed strategic decisions. SOLUTION BENEFITS • Rapid deployment and long term • Delivers real cost savings: Agiliance ROI: Agiliance RiskVision was built from RiskVision supports repeatable, the ground up as a standards-based sustainable controls monitoring, testing product that supports the extensibility, and reporting processes to reduce reliability and usability requirements compliance related costs by up to 70%. of today’s enterprise. The solution • Streamlines existing compliance accelerates time-to-deployment with processes: The product helps businesses advanced configurability features and reduce time to compliance by up to extensive interoperability with third- 80% and maintain ongoing compliance party applications. with mandates without invasive and expensive overhauls of IT infrastructure.
  2. 2. BUSINESS CHALLENGE helps businesses strategically manage Successfully balancing today’s risk compliance demands and allocate IT budget “Agiliance RiskVision management, cost reduction and compliance and resources based on business objectives. equation can be a difficult feat. As security is purpose-built from incidents and new regulations continue to AGILIANCE RISKVISION OVERVIEW the ground up to grow in number and complexity, businesses Agiliance RiskVision arms companies with an what it is intended to often find themselves diverting precious staff efficient, repeatable and continuous process time and operating budget away from growth for IT compliance and risk management. It do – provide IT-GRC supporting initiatives to reactive activities such provides complete visibility into current risk management. Since it as regulatory audits. status and delivers the accurate intelligence and analytics required to ensure informed is not a suite of glued As demands to control the bottom line business decisions based on risk posture can together products, it increase and regulators become even more be made with ease and confidence. does not need to be aggressive, over-investing in compliance- related programs can negatively impact a RISK MANAGEMENT DATABASE integrated to work. company’s ability to fund future growth Agiliance RiskVision is the only product From the beginning, initiatives. For businesses that want to on the market that features a unified sophisticated risk break out of the current inflated threat and Risk Management Database (RMDB) that compliance-driven spending model to develop automatically aggregates and correlates data intelligence and a more resilient and cost-effective IT risk and controls across systems, people and management went management process, Agiliance RiskVision processes as well as controls from standards, into the product.” — Peter Stephenson Senior Editor SC Magazine
  3. 3. frameworks, policies and regulations – Controls are automatically mapped to entities, out-of-the-box without the need for whether people, processes or systems, based “Agiliance comes custom development – to serve as a single on profiles. By providing a mapping of all authoritative source of IT risk from IT and policies, controls and regulatory requirements, out on top in terms of non-IT entities. Agiliance RiskVision automatically rationalizes risk functionality that controls across multiple regulations, thereby provides, out of the box, Provides authoritative source of IT risk. reducing overall effort and cost required to Agiliance RiskVision collects risk data from meet regulatory requirements. Unlike security the most standards- non-IT entities like people, vendors, and automation point solutions or process- based methodologies processes using web-based e-surveys and related GRC applications, Agiliance RiskVision automatically imports risk data from a wide combines data and test results from both IT for analyzing IT risks.” range of IT, security and compliance assets. and non-IT entities to dissolve organizational — Marc Othersen silos and provide an authoritative single view Senior Analyst Streamlines compliance efforts across of IT risk across the enterprise. Forrester Research multiple regulations and best practices. Agiliance RiskVision ships with a content-rich Common Control Framework that premaps controls across over 30 regulations and industry mandates (e.g., SOX, HIPAA, PCI, GLBA, and NERC), many standard frameworks (e.g., ISO 17799/27001/27002, CobiT, and NIST SP800-53/SP800-66), 10,000+ controls and sub-controls, and 200+ key risks as well ANALySIS AND WORKFLOW ENGINE as best practices, threats, vulnerabilities and Agiliance RiskVision supports an “always-on” integration with live threat data feeds. proactive approach to risk management that helps companies gain enterprise-wide visibility into IT risks and reliably report on current IT risk exposure by transforming and linking entities, regulations, policies and controls to risk scores. With the ability to accurately monitor and report policy and compliance- related violations and track remediation efforts, business can proactively manage corporate risk. Delivers centralized policy management. Agiliance RiskVision enables IT, risk and compliance managers to create new policies, promote policy awareness, manage policy exceptions, assess policy compliance, and view risks that may arise from non-compliance. Policies are linked to controls and can be linked to risk as well – allowing analysts to view risk of non-compliance. Complete
  4. 4. policy authoring, review, approval and assessment projects. E-surveys can be dissemination capabilities based on delegated to teams or individuals and the “We’re working with multi-stage workflow are built-in to system assures that the right people are the application. The product includes responding to the surveys. The solution Agiliance because awareness campaigns that can be used to enables multiple assessment projects to their product met promote, communicate and test employees’ run simultaneously and scales to conduct our key criteria understanding of policies. assessments on tens of thousands of entities. which include easy Provides a complete closed loop risk integration with our management system. The product company’s existing provides continuous visibility into the monitoring, management and reporting of applications.” risks and controls across departmental and — Oliver Eckel, geographical boundaries to help eliminate Head of silos. Agiliance RiskVision calculates current Corporate Security, risks, inherent risks and remedial risks with bwin Interactive operational risk scoring of controls down to Entertainment AG the sub-control level across 10,000+ controls in the Common Control Framework. The product supports multiple risk methodologies including ISO 27005, ISO 31000, and COSO Automates Assessments. Agiliance ERM and risk assessment types, such as, IT RiskVision streamlines assessments using risk, ERM, KRI trending and threat models web-based e-survey questionnaires and so that companies can anticipate potential automated workflow with the ability to threats and react appropriately. import findings in multiple formats and from multiple sources. E-survey questions are automatically generated based on controls, delivered and tracked based on configurable workflow to help avoid dead-ends and project delays. Survey responders can attach evidence in the form of csv, pdf, excel or word files (e.g. structured files containing activity or time stamp data from systems such as physical access control, building management or fire protection systems for data centers) for use by auditors. Powerful project wizards allow assessment projects to be quickly initiated and easily configured The product automatically prioritizes IT using pre-defined workflows or previous assets such as servers, applications and network devices that need to be monitored for risk so that the most critical assets can be addressed first, e.g., those containing personal identification information, medical records or credit card information. Using
  5. 5. this intelligence, decision makers can be confident that budget is being wisely allocated “Agiliance is one of towards the most critical assets – eliminating the solutions we use overspending on shotgun approaches that may add unwarranted controls across the in Arizona as part of entire IT environment. our overall effort to To provide end-to-end risk management, take an “always on”, Agiliance RiskVision automates remediation proactive stance to and mitigation workflows with a native security and risk so that ticketing system and integration with internal ticketing systems, like BMC Remedy and HP we can stay ahead of Service Center, and ensures that remediation, evolving threats and exception handling and delegation to teams is Delivers dynamic risk modeling to support handled in a efficient manner. informed business decisions. Agiliance preserve confidence in RiskVision delivers powerful “What-If” risk government services.” modeling capabilities to study the effects of applying specific controls before changes — Fred Sargeson are made. With roles-based views, managers General Manager NIC- State of Arizona across the enterprise can assess the impact of various risk mitigation plans including the cost of downtime and the cost of replacing the asset to make real-time decisions about INTELLIGENCE CENTER remediation versus accepting or transferring With intuitive risk performance dashboards the risk. Agiliance RiskVision allows risk and powerful analytic tools, Agiliance parameters to be expressed in dollar values, RiskVision allows companies to pull together making it easy to compare the cost of controls the interdependent disciplines of security, to their effectiveness in mitigating the compliance and risk to establish more corresponding risks. This, in combination with accountable and effective IT governance powerful trending tools, allows executives to without the associated high costs and easily track and measure the effectiveness of inefficiencies of disparate programs. Agiliance risk and compliance programs over time. RiskVision helps companies evolve their risk management processes by providing current Ships with over 150 standard templates to and accurate visibility into how IT risk affects document compliance and communicate the entire organization and by enabling rapid, risks. The built in reporting capabilities help informed decision making on allocation of IT companies to efficiently meet regulatory security investments and risk posture to ensure and executive reporting requirements. With business resiliency. By combining advanced customization features and real-time data- quantitative and qualitative risk analysis feeds, users can create up to the minute techniques, customers have the degree of content-rich reports for auditors and granularity needed to make informed risk- executives within a matter of minutes. The based decisions. product allows users to report on compliance
  6. 6. InnovatIve status, risk status, remediation status and requirements of today’s enterprise. Agiliance Modern business ROI information based on exposure, solutions are highly configurable and easy to archItecture rate of occurrence and loss expectancy. integrate so that companies can realize time • n-Tier web applications utilizing to value in 45 days or less. Web 2.0 and Ajax capabilities • Apache and Java stack, cross- Provides executives with accurate and up- platform, enterprise scalable to-date risk and compliance transparency. Our security automation and enterprise • Web services interface for connectors, reports and dashboards By normalizing and combining risk from non- software acumen allows us to offer the compliance with regulations and standards, IT capabilities customers need to support long- connectIvItY security and system automation gaps as well term risk management goals and realize up Configuration Management as process related risk, Agiliance RiskVision to a 70% reduction in compliance related Systems consolidates risk data into dashboard views costs. By offering market-ready “quick-start” Altiris SecurityExpressions (Symantec) Big Fix that provide executives transparency into solutions, Agiliance helps companies progress BMC Atrium current compliance and risk status. Using from first phase compliance projects through NetIQ SCM roles-based views, risks can be effectively to robust and strategic IT risk management Symantec ESM communicated across the organization using programs with ease and confidence. Vulnerability Scanners the intuitive web-based interface to display eEye Retina HP WebInspect risk and compliance results in summary views With the industry’s most powerful risk IBM Rational AppScan by organization or business unit. management and automation platform, ISS SiteProtector Agiliance is the company that global 2000 McAfee Foundstone nCircle IP360 WHy AGILIANCE companies trust to solve their most pressing Nessus – Tenable As the costs and complexity of IT risk and risk issues including business continuity QualysGuard compliance management continues to rise, management, vendor risk management and Skybox Agiliance believes that customers deserve compliance management. Remediation Management high performance solutions that completely Best Practical Solutions RTIR BMC Remedy address the IT risk and compliance demands HP Service Center (Peregrine) of today and scale to meet future challenges. Security Information Agiliance RiskVision was built from the ground Managers (SIM/SIEM) up as an integrated IT risk and compliance Arcsight Enterprise Security Manager Cisco MARS management platform that supports NetIQ Security Manager the automation and risk management Novell Sentinel RSA enVision Integrated Security Managers McAfee ePolicy Orchestrator RSA DLP Enterprise Suite (EMC) Identity Management CA SiteMinder IBM Tivoli Identity Manager ABOUT AGILIANCE Oracle Identity Manager Agiliance offers highly-automated IT risk and compliance management software products designed to Sun Identity Manager help organizations thrive in the face of mounting pressures to manage and balance risk, compliance and Automated Controls IT budgets. Global 2000 companies in the financial, healthcare, energy, government and technology Approva BizRights Platform industries are leveraging the power of Agiliance software to cut compliance costs and to provide decision Oracle Enterprise Manager makers with the current and accurate intelligence they need to better understand how IT risk affects their SAP GRC Access Control (Virsa) entire organization. Agiliance, Inc. 1732 North First Street p: 408.200.0400 © 2008 Agiliance, Inc. Suite 200 f: 408.200.0401 All rights reserved. San Jose, CA 95112