ISO-27002-(17799) News
Agiliance Unveils IT Governance, Risk and Compliance Solution
(Jan 31, 2007)--Agiliance unveiled Agiliance IT-GRC, the first integrated platform designed to manage the interdependent disciplines of information technology governance, risk and compliance management. It is built specifically for information security organizations with initiatives to reduce IT security risk and lower the cost of multi-regulatory compliance, while leveraging standards such as ISO 17799/27001, COBIT-4, FFIEC and NIST SP800-53.
Agiliance IT-GRC is an innovative, comprehensive solution that enables global enterprises to define and manage security policies, measure and manage risk, use standards and automation to lower costs, and achieve sustainable compliance with multiple regulations, industry mandates and internal policies.
Analysts and industry thought-leaders agree that Governance, Risk and Compliance are closely coupled and best managed with an integrated GRC platform. General-purpose GRC platforms, however, are ill-suited to meet the specific needs for IT security risk and compliance management. Agiliance is the first to deliver a purpose-built IT GRC platform that supports the key IT concepts of assets, information security, technical controls, automated testing and IT standards.
Agiliance IT-GRC unifies the management of the three interrelated disciplines in a single powerful product:
* IT Governance, at the strategic level, is where corporate objectives and policies are set with respect to acceptable levels of risk and to meeting specific industry mandates and government regulations. Agiliance IT-GRC provides all the necessary facilities for security policy definition and lifecycle management as well as management of controls – all based on frameworks such as ISO 17799/27001, COBIT-4, FFIEC and NIST SP800-53.
* IT Risk Management focuses on assessing and managing security and compliance risk. Agiliance IT-GRC implements a robust security risk assessment workflow and quantifies risk by integrating the effectiveness of controls, relevant threats and vulnerabilities, and the potential impact of a security breach on business performance.
* IT Compliance Management, at the more tactical level, ensures that appropriate actions are being taken to execute on Governance objectives and policies based on stated risk tolerance. As the only solution that seamlessly integrates survey-based and automated monitoring, Agiliance IT-GRC tests and enforces technical and business controls to mitigate risk, ensuring that internal policies as well as industry and regulatory requirements are satisfied.
“Security, Compliance and IT Risk Management initiatives may be owned by different organizations but leverage the same underlying processes,” said Ken Newman, Vice President Security at American Savings Bank. “Each one requires IT-governance based policies and controls which are ideally based on standards such as COBIT and FFIEC, and each requires ongoing assessment and remediation. In addition, security and compliance are an integral aspect of a company's risk picture. An integrated offering significantly decreases costs and redundancy, improves collaboration between departments, and discourages organizational silos. We found the Agiliance IT-GRC platform to be the first solution that integrates these disciplines effectively in a compelling fashion.”
Most organizations understand the benefit that risk metrics provide in making more informed decisions, including for security and compliance management. Many, however, lack well-defined methodologies based on standards such as COSO ERM or NIST SP800-30. Risk assessment, when performed, is commonly done by emailing surveys to process owners and consolidating the responses in Excel spreadsheets. This manual approach takes an inordinate amount of time to complete, and the results are error-prone and unreliable. Moreover, such a labor-intensive approach cannot scale, forcing the organization to assess risk on only a small subset of its assets, and less frequently.
Agiliance IT-GRC addresses this issue head on. It implements a best-practice, standards-based risk assessment and management methodology. It replaces labor-intensive manual risk assessment surveys with automated processes and a workflow that supports management escalation and exception request handling. Agiliance's advanced risk analysis and correlation engine generates high-quality risk scores that integrate all relevant security, threat, vulnerability and incident information, including information generated by third-party security tools customers have deployed. Agiliance associates controls and compliance status with risk metrics. Should a control fail, Agiliance increases the risk score of the affected assets and propagates the risk to the risk scores of all dependent business processes. These capabilities enable the organization to assess risk on a very large pool of its assets on an ongoing basis.
In addition to internal policy objectives, IT organizations are subject to an ever-increasing number of government regulations such as Sarbanes-Oxley (SOX) 404, GLBA and HIPAA, and to various industry mandates such as FFIEC, PCI and ITIL. Analyst surveys reveal that most organizations handle multiple regulations as independent projects, entrusting them to separate teams. While effective in meeting compliance, this silo approach is hugely inefficient because of the very large overlap among many regulations and industry standards. A silo approach to compliance results in many redundant controls, unnecessary complexity and, of course, bloated compliance costs.
Agiliance IT-GRC helps customers eliminate silos through the implementation of a common control framework based on standards such as ISO 17799/27001, COBIT-4, NIST SP800-53 and others. Common controls allow customers to test once and certify against many mandates. The Agiliance platform ships with a vast content library of best-practice policies and controls, mapped to all major regulations and industry standards. Users can take advantage of the pre-defined policies and controls to quickly and easily implement a robust, standards-based, cost-effective compliance model that meets internal objectives and satisfies regulators.
Agiliance also allows users to automate the deployment, monitoring and enforcement of policies and controls for assets that can be automated, which includes most computing assets. By enabling automation, users can further reduce risk and cost, and transition to continuous sustainable multi-regulatory compliance.
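The two mechanisms described above, a common control mapped to several mandates ("test once, certify many") and a failed control raising the risk score of its asset and of every business process that depends on it, as an added toy model. This is example code written for this page, not Agiliance's product or its scoring engine; the control names, mandate mapping, penalty weight and sample assets are all constructed.

```python
"""Added example, not Agiliance code: toy control-to-mandate mapping ("test once, certify
many") and risk propagation from failed controls to dependent business processes."""
from dataclasses import dataclass, field

# Constructed common-control library: each control maps to the mandates it satisfies,
# so one test result updates compliance status for all of them at once.
CONTROL_MANDATES = {
    "access-policy": {"ISO 27001", "COBIT-4", "NIST SP800-53", "FFIEC"},
    "config-baseline": {"ISO 27001", "NIST SP800-53", "PCI"},
    "log-review": {"ISO 27001", "PCI", "SOX 404"},
}
PENALTY = 20.0  # constructed: risk added per failed control, scaled by asset impact

@dataclass
class Asset:
    name: str
    base_risk: float                                # 0-100 score from the last assessment
    controls: dict = field(default_factory=dict)    # control name -> True if the test passed
    impact: float = 1.0                             # business-impact weight of this asset

@dataclass
class Process:
    name: str
    assets: list = field(default_factory=list)      # assets this process depends on

def asset_risk(asset):
    """Base risk plus a penalty per failed control, capped at 100."""
    failed = sum(1 for ok in asset.controls.values() if not ok)
    return min(100.0, asset.base_risk + PENALTY * asset.impact * failed)

def process_risk(proc):
    """A process inherits the worst risk of any asset it depends on."""
    return max(asset_risk(a) for a in proc.assets)

def mandates_at_risk(asset):
    """Mandates whose compliance status is affected by this asset's failed controls."""
    return set().union(*(CONTROL_MANDATES[c] for c, ok in asset.controls.items() if not ok))

def record_test(asset, control, passed):
    """Record one control test result (survey-based or automated) on an asset."""
    asset.controls[control] = passed

def demo():
    web = Asset("web-frontend", 30.0, {"access-policy": True, "config-baseline": True})
    db = Asset("customer-db", 40.0, {"access-policy": True, "log-review": True}, impact=1.5)
    billing = Process("billing", [web, db])
    before = process_risk(billing)            # 40.0, driven by customer-db
    record_test(db, "access-policy", False)   # one control fails on the database
    after = process_risk(billing)             # 70.0: 40 + 20 * 1.5 * 1 failed control
    return before, after, mandates_at_risk(db)
```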