IT GRC Software Solution
Adopt best practices to improve accountability and communication

Integration with Continuous Compliance and Security Monitoring Systems

The IT risk and compliance management process can be automated through integration with various compliance and security monitoring systems. Incidents arising from these systems can be mapped to IT risk repositories, helping the incident response team evaluate each incident's risk to the organization.

For instance, details about a newly registered browser vulnerability in the vulnerability database can be automatically downloaded into the MetricStream IT Risk Management solution. Based on the Common Vulnerabilities and Exposures details, the solution can automatically trigger an incident investigation task for an information security asset (software, hardware) or group of assets.

Key Benefits of MetricStream Solution:

  • Integrate with leading compliance and security monitoring systems to proactively identify compliance risks and automate IT GRC processes
    • Threat and Vulnerability Management: A threat and vulnerability incident of an information asset or group of assets can be used as a factor in evaluating the compliance risk of an ISO 27002, COBIT, PCI, NERC or other compliance program. The compliance owner can trigger a vulnerability risk assessment or an action plan to mitigate the risk.
    • Configuration Compliance Management: Configuration changes related to information assets can result in non-compliance. For example, changes made to file share permissions or unauthorized data access should be recorded in the IT risk scores of an asset and reflected in the compliance program.
    • Identity Governance / Entitlement Management: User provisioning, segregation of duties and access control events can be used as an important source for calculating risk scores.
    • Security Information and Event Management: Frequent incidents related to unauthorized access to IT resources, impersonation and the like increase compliance risk. The MetricStream IT GRC Solution can integrate SIEM data and use it as a source to determine the likelihood of an unfavorable event.
  • Classify the risk ratings and severity of the incident based on the risk criteria (confidentiality, integrity, availability, effectiveness, efficiency, compliance and reliability) of the asset
  • Trigger an action plan for the owner(s) of the information asset(s) based on risk rating and classification
  • Trigger the risk management process for incidents during the investigation process
  • Implement new controls or strengthen existing controls to mitigate risk
  • Adopt rigor and discipline in the IT Risk and Compliance Management process to reduce compliance costs and business losses
