Automation of Risk Management to Reduce Cost and Improve Accuracy

Automation of risk management to reduce cost and improve accuracy

Introduction

Network Centric view of compliance that only addresses Discovery and Reporting functions of the Risk Management Life Cycle and does not address

• Prioritization of Assets

• Assessment

• Remediation

• Validation

With the advent of the “Application Risk Dashboard”, IT Security has implemented a variety of operational and security compliance profiles to address apparent threats to Verizon Networks, but unlike the original SRC (from which they’re moving away from) the dashboard lacks the means to assimilate security data from multiple sources, provide a repository of steady state documentation for application landscape, establish and certify access compliance and continuously measure application security posture.

This move will eventually leave NTEC-IT without the means to maintain Enterprise-wide, application availability and integrity due to a complete lack of visibility into risk posed by applications, devices, business processes, and both onshore and offshore administrators and users accessing data in bulk.

A need for the Security Resource Center Evolution

A cloud based, automated compliance solution with built in support for building or extending a flexible framework with “plug-ins” for the following industry/regulatory compliance processes: PCI Compliance, SOX, COBIT and other regulations.

The solution must have continuous security and compliance updates with real-time dashboards.

The solution must have configurable citation and policy-based risk model with real-time risk status for applications and application infrastructure that tie into VAST-APM.

The solution must have extensive risk and compliance reports on-demand both executive and detailed with the ability to “drill-down” for additional data. In addition, the reporting function must be able to integrate and normalize multiple data feeds.

The solution must be a single, centralized...