Risk Manager

New FFIEC Guidance Requires Financial Institutions to Enhance Their Risk Management Programs by January 2012!

The FFIEC's recent supplemental guidance calls for a much more comprehensive approach to risk management and establishes a new "best practice" standard for mitigating risks to online systems by the January 2012 deadline.

To provide some much-needed clarification and help institutions better understand what is needed to meet the new requirements by the compliance deadline of January 2012, TraceSecurity is offering several free resources for download.

 

RiskManager is an extension of the TraceSecurity ComplianceManager platform, the first cloud-based platform to integrate all the vital information and tasks necessary to maintain security compliance into a centralized interface, allowing organizations to streamline security compliance procedures and simplify the processes involved with IT risk management.

 

Solution Overview

RiskManager™ is a cloud-based tool that helps the organization facilitate an ongoing risk management program by analyzing an organization's vulnerabilities, threats, asset information, controls and loss expectancies. It assists in the overall analysis process and enables the user to assess critical focus areas to determine the overall level of risk. Plus, the entire risk assessment process is captured and managed through the software which automates the process and provides a foundation for future risk assessments.

RiskManager™ allows the institution to manage their processes locally with TraceSecurity providing technical support and enhancing their efforts with additional services. This method helps the organization facilitate a continuous risk management program without straining internal resources or incurring high vendor costs each time a risk assessment is needed.

TraceSecurity RiskManager™ offers many benefits, including:

Reduces employee resource costs of IT Risk Assessments

  • Streamlines the entire Risk Management process through a preconfigured framework of threats, assets and controls
  • Fully customizable threats, assets and control parameters
  • Measures risk level of each asset related to: Confidentiality, Integrity, Availability
  • Leverages previous risk assessment responses to minimize the time associated with controls that have not changed since the previous risk assessments

Develops a standard, repeatable audit process

  • Based on standard risk assessment approaches including OCTAVE & NIST
  • Integrated regulation information to aid in compliance
  • Can easily be mapped to company-specific regulations and standards
  • Customizable levels of risk assessment; one size does NOT fit all
  • Framework guides multiple employees through the same risk assessment methodologies providing a standardized risk assessment process

Creates standardized, accurate reports and thoroughly prepares the IT department for audits by regulatory boards

  • Creates a concise executive summary for management, boards and auditors
  • Detailed reporting capabilities including charts and graphs
  • User note section helps create a trail and lessens the time wasted trying to track information during examiner review


RiskManager™ saves time and money by automating the steps of the risk management process:

Asset group analysis. Identifies core assets and assigns a level of criticality to each asset in the areas of CIA.

Threat analysis. Identifies all relevant threats, evaluates each threat to determine which assets are affected, then assigns a level of criticality to each asset in the areas of CIA.

Control analysis. Identifies safeguards that can be used to protect each asset and assigns values to each control in terms of how it protects against specified threats.

Risk assessment reporting. Automatically associates and calculates data to produce a detailed risk assessment report.

Key Features of RiskManager™

  • Cloud-based; always available, on-demand
  • Automates the risk assessment process
  • Creates a standard, repeatable process
  • Preconfigured templates streamline the creation of assessments
  • Based upon industry standard risk assessment approaches including OCTAVE and NIST
  • Built on a robust framework of threats, assets & controls
    • Fifteen unique threat types
    • Over 100 security controls
    • Predefined asset information
    • Predefined severity levels for threats, controls and vulnerabilities
  • Parameters for threats, asset groups and controls fully customizable
  • Detailed reporting capabilities including charts & graphs
  • Scalable framework
  • Multi-user access
  • Integrated regulation information to aid in compliance
  • Continuously updated with new threats and controls

 

What You Need To Know About the New FFIEC Guidance

 

Related Solution

IT Risk Assessment Overview

TraceSecurity's methodology provides the most thorough, objective, and easy to read information security risk assessment available.

Our risk assessments follow standard methodologies designed to meet all regulatory requirements and best practice guidelines, including the new standards for information security assessments set forth in the recently revised FFIEC Guidance.

During the IT Risk Assessment process, our experts closely scrutinize the organization's controls, vulnerabilities, threat vectors, asset information, and loss expectancies. Each individual risk is then analyzed and compared against other identified risks, enabling the organization to prioritize remediation efforts and preempt losses with the most exposure.

 

The TraceSecurity Information Security Risk Assessment includes:

  • Data gathering (Based on interviews and documentation)
    • Identify Key Personnel
    • Identify and Collect Key Documentation

Based on the data gathered, the Analyst performs:

  • Asset Group Analysis
    • Asset Group Mission Factor Weighting Classification
    • Asset Group Sensitivity Classification based on Confidentiality, Integrity, and Availability
  • Threat Analysis
    • Threat Mapping
    • Probability Analysis
    • Impact Analysis
    • Risk Assignment
  • Control Analysis
    • Control Mapping
    • Implementation Analysis
  • Risk Analysis
  • Reporting
  • Report Briefing

 

 

Download "The Key to Continuous Compliance", which explains the value of having qualified experts properly identify and evaluate information risk through a comprehensive risk assessment.