Agiliance Announces Agiliance IT-GRC(TM), Industry's First IT Governance, Risk and Compliance Solution.


Agiliance IT-GRC[TM] Selected by Leading Global Companies to Manage IT Risk, Lower Security Compliance Costs

MOUNTAIN VIEW, Calif. -- Agiliance, a leading provider of IT Governance, Risk and Compliance (IT GRC) solutions, today unveiled Agiliance IT-GRC[TM], the first integrated platform designed to manage the interdependent disciplines of information technology governance, risk and compliance management. Unlike generic GRC solutions, this is specifically designed for Information Security organizations that have initiatives to reduce IT security risk and lower the cost of multi-regulatory compliance, while leveraging standards such as ISO 17799/27001, COBIT-4, FFIEC and NIST SP800-53.

Agiliance IT-GRC is an innovative, comprehensive solution that enables global enterprises to define and manage security policies, measure and manage risk, use standards and automation to lower costs, and achieve sustainable compliance with multiple regulations, industry mandates and internal policies.

"Through 2011, companies that pursue an integrated strategy of a risk-oriented approach to compliance, standardization of controls and automation will reduce the scope of manual process controls by 70 percent and will get the most collateral business value from their compliance investments" according to a Gartner report (The 2006 Planning Guidance for Compliance: Risk-Orientation, Standardization and Automation by French Caldwell, Christine Adams, Tom Eid).

Need for an IT GRC Platform

Analysts and industry thought-leaders agree that Governance, Risk and Compliance are closely coupled and best managed with an integrated GRC platform. General-purpose GRC platforms, however, are ill-suited to meet the specific needs for IT security risk and compliance management. Agiliance is the first to deliver a purpose-built IT GRC platform that supports the key IT concepts of assets, information security, technical controls, automated testing and IT standards.

Agiliance IT-GRC unifies the management of the three interrelated disciplines in a single powerful product:

* IT Governance, at the strategic level, is where corporate objectives and policies are set with respect to acceptable levels of risk and to meeting specific industry mandates and government regulations. Agiliance IT-GRC provides all the necessary facilities for security policy definition and lifecycle management as well as management of controls - all based on frameworks such as ISO 17799/27001, COBIT-4, FFIEC and NIST SP800-53.

* IT Risk Management focuses on assessing and managing security and compliance risk. Agiliance IT-GRC implements a robust security risk assessment workflow and quantifies risk by integrating the effectiveness of controls, relevant threats and vulnerabilities, and the potential impact of a security breach on business performance.

* IT Compliance Management, at the more tactical level, ensures that appropriate actions are being taken to execute on Governance objectives and policies based on stated risk tolerance. As the only solution that seamlessly integrates survey-based and automated monitoring, Agiliance IT-GRC tests and enforces technical and business controls to mitigate risk, ensuring that internal policies as well as industry and regulatory requirements are satisfied.

"Security, Compliance and IT Risk Management initiatives may be owned by different organizations but leverage the same underlying processes," said Ken Newman, Vice President Security at American Savings Bank. "Each one requires IT-governance based policies and controls which are ideally based on standards such as COBIT and FFIEC, and each requires ongoing assessment and remediation. In addition, security and compliance are an integral aspect of a company's risk picture. An integrated offering significantly decreases costs and redundancy, improves collaboration between departments, and discourages organizational silos. We found the Agiliance IT-GRC platform to be the first solution that integrates these disciplines effectively in a compelling fashion."

"We are honored to be working with leading organizations for their IT Risk Management and Compliance initiatives," said Pravin Kothari, founder and CEO of Agiliance. "The future belongs to solutions that bring security policy management, standardization of controls, compliance and risk management together into one integrated and automated framework - IT-GRC. While various first generation solutions currently used in the industry only solve a part of the problem, Agiliance now delivers a complete solution."

Quantifying and Managing Risk for Better Governance

Most organizations understand the benefit that risk metrics provide in making more informed decisions, including for security and compliance management. Many, however, lack well defined methodologies based on standards such as COSO ERM or NIST SP800-30. Risk assessment, when performed, is commonly done by sending surveys to process owners via email and responses are consolidated in Excel spreadsheets. This manual approach takes inordinate amounts of time to complete and the results are error-prone and unreliable. Moreover, such a labor-intensive approach cannot scale, forcing the organization to assess risk on a small subset of their assets on a less frequent basis.

Leading analysts agree with this issue. "The regulatory and controls environment is so complex that, absent technology, maintaining an ongoing program for the assessment and mitigation of regulatory and other risks is not feasible," according to a Gartner Group report (How to Implement a Risk-Oriented Approach to Compliance, French Caldwell and Paul Proctor, August 2006).

Agiliance IT-GRC addresses this issue head on. It implements a best-practices standards-based risk assessment and management methodology. It replaces labor-intensive manual risk assessment surveys with automated processes and a workflow that supports management escalation and exception request handling. Agiliance's advanced risk analysis and correlation engine generates high-quality risk scores that integrate all relevant security, threat, vulnerability and incident information, including information generated by 3rd party security tools customers have deployed. Agiliance associates controls and compliance status with risk metrics. Should a control fail, Agiliance increases the risk score of the affected assets and propagates the risk to the risk scores of all dependent business processes. These capabilities enable the organization to assess risk on a very large pool of their assets on an ongoing basis.

Achieving and Maintaining Sustainable Multi-Regulatory Compliance

In addition to internal policy objectives, IT organizations are subject to an ever increasing number of government regulations such as Sarbanes-Oxley (SOX) 404, GLBA and HIPAA, and to various industry mandates such as FFIEC, PCI or ITIL and more. Analyst surveys reveal that most organizations handle multiple regulations as independent projects, entrusting them to separate teams. While effective in meeting compliance, this silo approach is hugely inefficient because of the very large overlap between many regulations and industry standards. A silo approach to compliance results in many redundant controls, unnecessary complexity and, of course, bloated compliance costs.

Agiliance IT-GRC helps customers eliminate silos through the implementation of a common control framework based on standards such as ISO 17799/27001, COBIT-4, NIST SP800-53 and others. Common controls allow customers to test once, certify many mandates. The Agiliance platform ships with a vast content library of best-practices policies and controls, mapped to all major regulations and industry standards. Users can take advantage of the pre-defined policies and controls to quickly and easily implement a robust, standard-based, cost-effective compliance model that meets internal objectives and satisfies regulators.

Agiliance also allows users to automate the deployment, monitoring and enforcement of policies and controls for assets that can be automated, which includes most computing assets. By enabling automation, users can further reduce risk and cost, and transition to continuous sustainable multi-regulatory compliance.

Full Visibility Across the Global Enterprise

Global enterprises spend millions of dollars on a multitude of fragmented compliance and information security programs. While each may be effective, executive management often lacks a consolidated view of the organization's overall risk and compliance posture, and cannot tell how the many isolated efforts align in achieving high-level goals and business objectives.

Agiliance IT-GRC provides the visibility that empowers management to act and make more informed decisions. Agiliance rolls up lower-level metrics to generate high-quality, consolidated risk and compliance scores for any level of aggregation. Executive dashboards provide instant and full visibility into the relative IT risk and compliance posture and trends for divisions, business units, geographies and the whole organization. With this information, management can track risk and compliance levels against the organization's risk tolerance and focus attention on risk that matters most to business.

In addition to enhancing executive governance with aggregated risk and compliance metrics, Agiliance IT-GRC fully addresses the needs of internal auditors, risk analysts, security and compliance managers. Agiliance IT-GRC dashboards and reports can be defined based on user roles, and users can drill down to any desired level of detail. Reports mapped to specific regulations and standards can be generated on demand and used as evidence for internal or external audits.

Availability

Agiliance IT-GRC is generally available.

About Agiliance

Agiliance, a leader in IT Governance, Risk and Compliance, provides an integrated, standards-based solution that enables enterprises to effectively analyze and decrease security risk, achieve continuous visibility of risk and compliance, and significantly reduce the cost of compliance with regulations and security policies. Agiliance's holistic risk-based solution integrates processes, applications, IT assets, physical assets, employees and vendors, allowing organizations to comply with government regulations (e.g., Sarbanes-Oxley 404, HIPAA, GLBA and FISMA), industry mandates (e.g., SAS 70 and PCI), standards and frameworks (e.g., ISO 17799/27001, CobiT, FFIEC and NIST), as well as corporate policies. Agiliance is based in Mountain View, CA and can be reached at www.agiliance.com.
COPYRIGHT 2007 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2007, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication:Business Wire
Date:Jan 31, 2007
Words:1491