ESP - Cyber Risk Governance
ESP Enterprise Risk Governance
In a world where information has become too important to risk, IT professionals are increasingly assuming the role of risk managers. They must meet business needs while doing the best possible job of protecting their networks—because the loss or compromise of critical data or any interruption to communications can bring business to a screeching halt. In addition, they must protect the organization itself from risks associated with failing to maintain full regulatory compliance.
As IT security organizations struggle to gain a meaningful understanding of the level and sources of risk within their information systems environment, they face a significant challenge in trying to interpret and correlate information generated by all the disparate controls deployed throughout the environment. A quantitative risk management approach can provide an important set of business-aligned security metrics to help administrators manage security and compliance initiatives in a way that effectively leverages available resources and protects the key interests of the organization.
An innovative approach to Cyber Risk Management:
ESP Automated Risk Assessment Process
The Elemental Security Platform provides automated Risk Assessment correlating value, security compliance and trust relationships of systems.
Risk becomes an integral part of the ESP solution, providing unified oversight and control for security and compliance management. In simplest terms, Cyber Risk can be viewed as a measure of the associated loss potential for a computing system.
The visibility enabled by the Elemental solution provides a rich set of multi-faceted value, trust and security compliance indicators.
When calculating its automated risk scores and values, ESP combines the following factors for each observed system:
Compliance & Trust Indicators: The unified policy framework delivered by ESP encompasses a wide array of native policy-based controls that traverse the many operational layers of computing devices. In quantifying the degree of risk to which a system is exposed, ESP takes into account the system’s compliance with its assigned security policies, as well as the compliance of the systems it trusts. Collectively, a system’s adherence to and conformance with a set of well-written security policies provides a robust and comprehensive methodology for assessing the potential for that system to be compromised or disrupted.
Value Indicators: System value at risk is determined by a number of factors—including the type and characteristics of systems, observed networking activity, and the value of the information stored or transacted by and through it. More than simply the intrinsic value of the machine, the indicators of value are closely aligned with a measure of the value an asset represents to the business, and are rooted in the context of the business environment.
This means the value indicators are ‘tunable’ through weighting that best reflects the most relevant factors within specific operational environments. These include:
- Hardware / Software / Devices / Applications
- Documents: context- and age-dependent
- Network Activity – a comprehensive view of the volume and type of both inbound and outbound communications
- Roles – weightings based on the business purpose, location, and importance of systems
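The two ingredients described above (a system's own policy compliance blended with the compliance of the systems it trusts, and a tunable weighted sum of value indicators) can be illustrated with a small quantitative model. The following is an added example written for this page; it is not ESP's code and does not reproduce its actual scoring formula. The weights, the blending rule that lets the weakest trusted system dominate, the `risk = value × (1 − effective compliance)` combination, and the three-system inventory are all constructed assumptions chosen to show how trust relationships and weight tuning change a risk ranking.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Hypothetical tunable weights for the four value indicators named on the page
# (hardware/software, documents, network activity, roles). The numbers are
# constructed for this illustration, not ESP's real weighting.
DEFAULT_WEIGHTS: Dict[str, float] = {
    "hardware": 1.0,
    "documents": 2.0,
    "network": 1.5,
    "role": 3.0,
}


@dataclass
class System:
    name: str
    compliance: float                 # share of assigned policy checks passed, 0.0..1.0
    indicators: Dict[str, float]      # value indicator -> normalised score 0.0..1.0
    trusts: List[str] = field(default_factory=list)  # names of systems this one trusts


def asset_value(system: System, weights: Dict[str, float] = DEFAULT_WEIGHTS) -> float:
    """Weighted sum of the value indicators; the weights make the value 'tunable'."""
    return sum(w * system.indicators.get(k, 0.0) for k, w in weights.items())


def effective_compliance(system: System, inventory: Dict[str, System],
                         trust_weight: float = 0.5) -> float:
    """Blend a system's own compliance with that of the systems it trusts.

    The weakest trusted system dominates, because a compromise there can reach
    this system through the trust relationship. Unknown names are ignored.
    """
    trusted = [inventory[n].compliance for n in system.trusts if n in inventory]
    if not trusted:
        return system.compliance
    return (1.0 - trust_weight) * system.compliance + trust_weight * min(trusted)


def risk_score(system: System, inventory: Dict[str, System],
               weights: Dict[str, float] = DEFAULT_WEIGHTS) -> float:
    """Loss potential: value at risk scaled by the non-compliant fraction (assumed model)."""
    return asset_value(system, weights) * (1.0 - effective_compliance(system, inventory))


def rank_by_risk(inventory: Dict[str, System],
                 weights: Dict[str, float] = DEFAULT_WEIGHTS) -> List[str]:
    """System names ordered from highest to lowest risk score."""
    return sorted(inventory,
                  key=lambda n: risk_score(inventory[n], inventory, weights),
                  reverse=True)


# Constructed sample inventory: a well-patched database that trusts a less
# compliant application server, plus a low-value kiosk.
INVENTORY: Dict[str, System] = {
    "db01": System("db01", 0.90,
                   {"hardware": 0.5, "documents": 1.0, "network": 0.4, "role": 1.0},
                   trusts=["app01"]),
    "app01": System("app01", 0.60,
                    {"hardware": 0.5, "documents": 0.2, "network": 0.8, "role": 0.6}),
    "kiosk": System("kiosk", 0.95,
                    {"hardware": 0.2, "documents": 0.0, "network": 0.1, "role": 0.1}),
}

# Alternative weighting for an environment where document holdings matter most.
DOCUMENT_HEAVY_WEIGHTS: Dict[str, float] = {**DEFAULT_WEIGHTS, "documents": 5.0}

if __name__ == "__main__":
    for name in rank_by_risk(INVENTORY):
        s = INVENTORY[name]
        print(f"{name}: value={asset_value(s):.2f} "
              f"effective_compliance={effective_compliance(s, INVENTORY):.2f} "
              f"risk={risk_score(s, INVENTORY):.3f}")
    print("document-heavy ranking:", rank_by_risk(INVENTORY, DOCUMENT_HEAVY_WEIGHTS))
```

Two things worth noticing when running it: `db01` is itself 90% compliant, yet its trust in `app01` drags its effective compliance down to 0.75 and raises its risk from 0.61 to about 1.53, which is the point of folding trusted systems' compliance into the score; and re-weighting documents from 2.0 to 5.0 moves `db01` above `app01` in the ranking, which is what "tunable" value indicators mean in practice.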