66%*Reduction in the time taken to complete risk assessments
37%*Cost savings in risk assessments and associated processes
30%*Reduction in the number of man-days required for a scaled-up level of vulnerability management
IT Risk Management App
The MetricStream IT Risk Management App empowers organizations to adopt a focused and business-driven approach when managing and mitigating IT risks and threats. The app integrates with multiple end-point IT security and infrastructure management tools and security intelligence feeds to identify and prioritize the risk exposure for IT assets.
It also provides sophisticated analytics and reports that transform raw risk data into actionable IT risk intelligence, providing clear visibility into the top risks within the enterprise. The app is certiﬁed for conformance with global accessibility standards and best practices as deﬁned by WCAG 2.1 Level AA and Section 508.Download Datasheet Business Value Calculator
Deﬁne and maintain business entities such as IT risks, assets, threats, vulnerabilities, processes, and controls. Consolidate IT assets in a common library leveraging out-of-the-box connectors with a Conﬁguration Management Database (CMDB) such as BMC Atrium. Map IT assets to threats and vulnerabilities along with associated details such as description, category, hierarchy, ownership, visibility, and validity.
Monitor the threat landscape, zero-day advisories, and threat bulletins. Subscribe to RSS or email-based threat alerts from leading industry sources, and ﬁlter the alerts based on keywords.
Import vulnerability data from multiple third-party vulnerability scanning tools such as QualysGuard and Nessus. Alternatively, subscribe to RSS or email-based threat alerts from leading industry sources. Generate a combined risk rating across each asset’s vulnerability and business context. Based on the rating, prioritize vulnerability remediation strategies for optimal eﬃciency. Orchestrate the remediation process workﬂow using predeﬁned templates and rules.
Assess, quantify, monitor, and manage IT risks in an integrated manner using industry standard IT risk assessment frameworks such as ISO 27001, FAIR, and IRAM2. Perform multi-dimensional risk assessments with support for both top-down and bottom-up approaches. Conduct advanced assessments by conﬁguring risk scores, and ranking them using a simple risk matrix. Roll up the scores to an assessed entity or organization. Deﬁne the logic for computing both inherent and residual risk scores, and view and analyze these scores through ﬂexible heat maps.
Identify and document issues from IT risk assessments as well as threat and vulnerability management. Initiate a closed-loop process of investigation, root cause analysis, and remediation. Prioritize and assign resources for investigation and remediation through the underlying workﬂow and collaboration engine. Deﬁne an action plan, and track the remediation process to closure.
For vulnerabilities, deﬁne rules to auto-detect vulnerability patterns among assets and to auto-trigger remediation of issues or incidents. Automatically route incidents from the app into BMC Remedy and ServiceNow.
Generate user-conﬁgurable risk reports, risk heat maps, and role-based executive dashboards which aggregate IT risk, threat, and vulnerability data for comprehensive visibility. Gain a 360-degree view of the information through the app’s data browser. Continuously monitor risk metrics and performance, as well as the organization’s threat and vulnerability posture.
Delivering Business Value
- Build conﬁdence with regulators and executive management by demonstrating a robust, enterprise-level approach to IT risk management and business resilience
- Improve eﬃciency by correlating vulnerabilities with IT assets, and prioritizing remediation eﬀorts based on the areas of highest criticality
- Save costs by rationalizing IT risk and control assessments, while also reducing redundancies and errors
- Improve decision-making, and reduce IT risks and threats with accurate and timely insights from the ﬁrst and second lines
- Gain real-time visibility into IT risk and threat exposure, as well as the appropriate mitigation measures through contextual risk information from across processes and assets
The GRC Transformation at Nationwide, the need for new GRC technology, implementation best practices and the benefits of implementation.
MetricStream IT Risk Management Software Solution
As businesses embrace a digital, mobile, and cloud-based operating model, the need to protect information security and privacy is greater than ever. Given the rise in cyber-attacks and data breaches, IT risk management has become a top priority. However, the use of siloed systems and manual processes often makes it challenging to identify and respond to IT risks in a timely manner.
The MetricStream IT Risk Management Software Solution enables you to implement an integrated and systematic process to manage IT risks. The solution supports risk assessments based on multiple quantitative and qualitative factors and risk models such as DREAD and STRIDE. A central risk library, risk algorithms, configurable risk heat maps, and more all enable you to stay on top of IT risks, and resolve emerging issues quickly.