Risk Management and Response

Combining IT risks related to information, applications and systems with risks related to people and processes allows the organization to get a more holistic view of risks to the enterprise. Threats and vulnerabilities that make up the risks extend way beyond the silos of IT security, physical access security and industrial controls. AlertEnterprise delivers the only solution that uncovers the most overlooked gap in security – the blended threats exist between these silos. No organization can completely eliminate all risks. However taking a programmed approach to risk management where risk to assets – both IT and non-IT, as well as to people and processes can be prioritized by criticality, making it possible for the enterprise to invest in controls and mitigation where it delivers the best protection while delivering the best return on investment.

Intelligent Risk Visualization
Risk reports, remediation reports and system logs are too technical. Arcane looking text reports make it very hard for business managers to understand the impact of what this means for the business. They must rely on IT security to render an opinion as to the consequences. AlertEnterprise delivers a risk visualization environment that allows assets, people, users, roles, transactions, risks and authorizations to be represented visually. Various mapped objects can be made the center of focus to study the linkages and relationships it has to other entities.

AlertInsight can automate, monitor, and track the numerous certification projects that most companies require to pass audits. Additionally, the solution goes a step further in achieving a simple and sustainable GRC model. It can extend risk analysis beyond IT access, to assess risk across business systems, physical access systems, and even industry-specific control systems, while delivering a fully comprehensive view of risk with the ability to more fully comply with industry-specific regulations like NERC CIP and CFATS; as well as standards such as Sarbanes-Oxley, NIST SP 800, COBIT 4.0, ISO 27001 / 27002, HIPAA, PCI and FISMA.

  • Visually display users, roles, transactions, risks and authorizations already defined in ERP
  • Conduct root-cause analysis for compliance and SOD violations
  • Display risks in an easily understood format and allow what-if analysis prior to remediation

Active Risk Remediation
This auto-remediation solution transforms the information that previously relied on textual tables and matrices, into easy-to-understand visuals that highlight the relationships among transactions, roles, risks, controls, users, and associated assets. With a single mouse click, AlertEnterprise enables mutual understanding and meaningful communication about the exact causes of risk and how to remediate it. This capability extends beyond business systems to include risks from physical access control systems and industrial control systems as well, making this an excellent add-on to any ERP environment.

  • Review results from root cause analysis visually
  • Conduct what-if analysis on remediation steps providing risk analysis prior to remediation
  • Extend across IT systems to include physical access controls and industrial controls

Business-IT Alignment
It is increasingly common to see marathon GRC project meetings between business and IT. IT needs to explain the technical details of the root cause of a risk for the business side to take any action. The process becomes even more complicated when the proposed remediation (such as a role change) could impact other users by accidentally removing their access and keeping them from doing their jobs. This back-and-forth exercise can go on interminably as each risk is examined and remediated.

AlertEnterprise bridges the divide between Business and IT, enabling risk analysis and remediation of risks easy and understandable. A single mouse-click in AlertEnterprise can saves hours or even days in comparison to today’s textual reporting practices. The AlertEnterprise risk management platform helps to drill down into risks to examine details of processes, transactions, roles with permissions and personnel through an integrated dashboard. Roles-based dashboards deliver compliance information and suggest remediation steps.

  • Hide the complexity behind technical risk analysis for business functions
  • Simple, intuitive user interface with one-click remediation
  • Powerful impact with real users, processes, transactions and risks represented in application

Solutions
space
zone1bar
space
zone1bar
space
zone1bar
spacer

Industry Solutions
 
  Industries
  Smart Grid/ Utilities
  Oil & Gas
  Chemicals
  Transportation
  Nuclear
  Pharmaceuticals
  Healthcare
 
Public Sector
  Federal Government
  Defense and Intelligence
  Public Safety
  Airport Security
  State & Local Government
 
Regulations and
  Standards
  NERC CIP
  CFATS
  Sarbanes-Oxley
  FERC Codes of Conduct
  ANSI/ISA 99
  NIST SP800-XX
  FISMA
  HSPD-12
  HIPAA
  OSHA
  OFAC