FISMA News

Brabeion Software Announces Next-Generation IT Governance, Risk & Compliance Management Platform

Reston, VA – October 3, 2007 – Brabeion Software, a leader in IT Governance, Risk and Compliance (IT GRC) Management, today announced the next generation of its groundbreaking IT GRC software platform, Brabeion IT Risk & Compliance Manager 3.0 (ITRCM). Brabeion was first to market with a complete IT GRC suite that helps organizations achieve and sustain compliance and optimally manage risks while lowering assessment costs.

Brabeion’s solutions have been successfully deployed in Global F1000 with dramatic returns on investment. With today’s new 3.0 release, Brabeion furthers the IT GRC industry vision by enabling IT risk and compliance to be managed more strategically as a business risk. New role-based dashboards elevate Brabeion into the industry’s first single solution to deliver a unified view of risks across people, processes and technologies tied to regulations, standards and company policies – eliminating the need to cobble together manual surveys and disparate tools. Brabeion also introduces the industry’s first “compliance risk scoring” for assets that factors in the likelihood of IT control failures – addressing a major gap in today’s traditional risk equation that can result in misleading data. New document workflow and repository management features that reduce cycle time and redundancies round out this mature IT GRC offering.

As enterprises struggle to gain control over compliance with numerous regulatory mandates and in the face of complex and continually changing IT environments, they are seeing their compliance focus evolve from the mitigation of negative security threats toward the philosophy that it is part of a comprehensive risk management program – and are now focusing on getting their risk management programs in place. IT GRC is emerging as an important new market category to give this strategic view toward managing business that is needed in highly regulated environments. According to AMR, thirty percent of the $30 billion IT compliance spend is going to GRC platforms. Industry analysts and experts agree that the key to this risk-based approach is adopting a disciplined system for defining, measuring and monitoring IT controls, both technical and non-technical.

Brabeion IT Risk & Compliance Manager 3.0 Features and Benefits Brabeion’s suite consists of the Brabeion IT Risk and Compliance Manager (ITRCM) and the Brabeion IT Risk and Compliance Center (ITRCC). Brabeion ITRCM is a web-based risk and compliance program management solution that scales across a global, diverse environment. When combined with the Brabeion ITRCC knowledgebase, it is the only solution to automate policy, procedure, standards and controls lifecycle management; perform automated assessments with bi-directional traceability from policies to controls; and offer a deep knowledgebase of proven, audit-ready content (policies, standards and controls) developed with partners including PricewaterhouseCoopers and IT Governance Institute and mapped to frameworks and regulations.

With release 3.0, Brabeion eliminates critical exposures in governance, compliance and security programs with: ?

--> A clearly articulated compliance view of people, process and technology with an integrated approach to measuring control implementations through automated and manual assessments

---> A flexible userefined, formula-based model to calculate risk scores based on control compliance, control impacts and the business value of assets ? Role-based dashboards that provide comprehensive metrics, track user policy acceptance, control exceptions, and remediation efforts

--> Automated testing for multiple platforms with integration to assessment and systems management technologies from Microsoft, Symantec and NetIQ as well as commercial and proprietary asset data sources and change management solutions

--> An integrated web based survey and questionnaire engine with online and offline capabilities for distributed assessments

--> Risk and compliance assessments based on more than 6000 control tests by integration into Brabeion ITRCC’s extensive controls knowledgebase.

This content contains: o Over 600 ISO based standards cross-referenced to international frameworks such as ISO and COBIT and over 30 Legislative and regulatory requirements o Detailed control information for over 90 technologies To serve the needs of customers in specific markets, Brabeion provides out of the box content to support for over 30 frameworks and regulations including FFIEC, GLBA and SOX for financial services; FERC and NERC for power and energy; PCI requirements for retail; FISMA for the federal market; and HIPAA for the healthcare market. Pricing and Availability Brabeion ITRCM and ITRCC are available immediately directly from Brabeion Software.

About Brabeion Software Brabeion helps organizations achieve and sustain compliance and optimally manage risks through full policy, procedure and controls lifecycle management powered by comprehensive information risk and audit content developed and maintained by our team of domain experts, in collaboration with strategic partners including PricewaterhouseCoopers LLP, IT Governance Institute, Microsoft Corp, Oracle Corp and others. Brabeion’s IT Risk and Compliance Management platform dramatically reduces risk and improves compliance while lowering assessment costs by leveraging the reuse of tests across all audit requirements through integration with assessment technology and manual surveys. Brabeion is a member of the Information Security Forum (ISF). Brabeion solutions are successfully deployed across a wide range of vertical markets including Financial Services, Retail, Energy, Healthcare, and Government. Customers include Chevron, CIT Group, DirecTV and Guardian Life Insurance. For more information, visit www.brabeion.com.

Share or bookmarklet this web page at: