| Favorites |
 |
|
|
|
|
Business Challenge
The most crucial step in an IT GRC program is creating and maintaining an inventory of all organizational assets. It is important to know what needs to be protected, and how to protect it. Critical data is usually held at different locations throughout an organization’s network; but the network itself continues to grow without being properly documented. Knowing what platforms and software have been deployed in your environment is the only way to determine if a new vulnerability applies to your network, and if you should be concerned about controlling or mitigating the associated risk.
MetricStream’s Solution
MetricStream provides a comprehensive framework for managing and monitoring IT assets across the enterprise. The solution enables you to track the IT inventory and changes to corporate endpoints, applications, devices and related information systems that comprise or interact with IT infrastructure.
Using the solution, you will be able to:
- Create and integrate IT asset information from CMDB and IT asset management systems.
- Gain access to asset criticality and severity information for calculating asset risk profiles.
- Link assets with policies, regulations, controls and risks.
- Schedule automated or manual IT asset risk assessments based on assessment questionnaires or integration with compliance monitoring systems
- Generate risk assessment status reports based on individual assets or groups of assets.
IT Asset Management Capabilities
A Centralized Asset Repository with Flexible Parameters
MetricStream Asset Management Solution provides built-in fields to capture the status of assets, and flag them as critical or non-critical based on various parameters. All asset information, including risks, IT control self-assessment details and computer control data are stored in a centralized library in a many-to-many manner. Using the solution, users can define and maintain a centralized structure of the overall IT compliance and control hierarchy, including processes, asset repositories, risks for the processes and assets, controls to mitigate the risks, and programs to audit and assess the controls. The solution also includes associated policies and procedures, reporting requirements, and filing templates and schedules for various regulations.
Integration with Third Party Asset Management Systems
There are three predominant types of IT asset management systems: Repositories, Auto Discovery systems, and Software Usage Monitoring systems. The MetricStream solution integrates with many of these systems, including HP Asset Manager, CA, BMC, IBM Tivoli, nCircle, Qualys, eEye and Symantec, as well as Active Directory, Excel spreadsheets or XML files. The solution extracts asset management data from these systems, and integrates it with other critical risk and compliance data, thus providing organizations with a comprehensive view of all the information required to make critical strategic or risk-based decisions.
IT Asset Lifecycle Management
The MetricStream solution provides advanced capabilities for managing IT assets through all stages of their lifecycle - planning, acquisition, deployment, management, support, and disposition. The solution also enables organizations to adapt to compliance changes faster by providing quick insights on where assets are located, and what configurations they have.
|
