See How It Works

Risk

The risk assessment is the catalyst for setting up and managing an on-going, risk-based information security program. A risk assessment shows organizations what type of controls are required to protect assets and resources (physical locations, networks/servers, staff, etc.) from threats – allowing your organization to reduce exposure and maintain an acceptable "risk tolerance”. 

 

Click here to download the TraceCSO Risk Management Data Sheet.

Risk

The TraceCSO Risk assessment structure is based on the NIST 800-30 methodology of tiers and inheritance modeling. This allows an organization to see the relationship between assets and reduces the amount of redundant effort required to properly document the environment. 

 

Click here to download the TraceCSO Risk Management Data Sheet.

Risk

The risk assessment establishes the necessary controls to properly mitigate risk and provides the framework to integrate and automatically populate data across all functional areas of TraceCSO.

 

Click here to download the TraceCSO Risk Management Data Sheet.

Risk

TraceCSO provides a baseline structure of common assets, threats and controls that can be customized to an organization’s environment. After the structure is completed, TraceCSO will survey control owners to attest to the implementation of their controls and to ensure that they meet not only the control objective, but also any applicable regulatory requirements.

 

Click here to download the TraceCSO Risk Management Data Sheet.

Risk

Once the risk assessment is complete, TraceCSO provides a break down of all the controls the organization has in place and those that need to be implemented. TraceCSO generates a Remediation Action Plan to help determine the appropriate implementation pathway.

 

Click here to download the TraceCSO Risk Management Data Sheet.

Risk

The Remediation Action Plan gives the organization a top-down view that helps determine and approve which controls are most appropriate and cost effective to implement – providing visibility into the organization’s inherent risk, the number of controls not implemented, and the residual risk that remains once a control is implemented. Once an action has been decided, a ticket will be generated and sent to the appropriate user within an organization so that remediation efforts can begin. 

 

Click here to download the TraceCSO Risk Management Data Sheet.

Risk

Risk assessment output becomes a foundational pillar inTraceCSO and integrates with every other functional area of the system to ensure that when control implementation occurs in one area, such as the creation and distribution of a policy, the risk assessment knows about it and can automatically update its score to reflect the changes.

 

Click here to download the TraceCSO Risk Management Data Sheet.

Risk

To dive deeper into the functional areas of TraceCSO, click on the links in the "See How it Works" section to the left.

 

Click here to download the TraceCSO Risk Management Data Sheet.