Академический Документы
Профессиональный Документы
Культура Документы
MetricStream Whitepaper
Benefits of IT Risk Management Process Today, corporate battles can be fought using cyber warfare,
Automation wherein competitors steal sensitive information by hacking into
○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○ ○
corporate systems or exploiting their vulnerabilities. Such unethi-
cal acts of sabotage and vandalism can cause severe losses to an
INTRODUCTION organization's revenue, brand value and market share. Moreover,
Automating the IT Risk Management process is critical for the organization is held liable for any data theft incidents related to
organizations who want to secure their IT investments from payment card or patient healthcare information.
internal and external risks related to information security, infra-
structure, project management and business continuity processes. AUTOMATION OF THE IT RISK MANAGEMENT PROCESS
Furthermore, a well defined IT GRC program based on frameworks IT operations, fraud and surveillance systems such as threat and
such as COBIT and ISO 27002 cannot achieve high maturity vulnerability management, configuration and compliance auditing
scores without process automation for risk and compliance and identity governance systems can be used as sources for
management. automating the IT Risk Management process. Incidents arising
from these systems can be mapped to IT Risk repositories,
Threat and
Vulnerability
National
Vulnerability
Incident, Fraud
and Surveillance
Identity
Governance
enabling incident response teams to evaluate their risk to the
Management System Database System System
organization.
ABOUT METRICSTREAM
MetricStream is a market leader in Enterprise-wide Gover-
MetricStream has been positioned in the “leaders” quadrant in nance, Risk, Compliance (GRC) and Quality Solutions for global
the recently published Gartner Magic Quadrant for Enterprise corporations. MetricStream solutions are used by leading
Governance, Risk and Compliance Platforms. corporations such as Pfizer, Philips, American Airlines,
As per the Gartner Research Analysts French Caldwell and NASDAQ, Hitachi, Aurobindo Pharma, Sandisk, BP, Entergy,
Tom Eid, MetricStream “demonstrated effectively all four Subway, Fairchild Semiconductor, and TaylorMade-Adidas Golf
GRCM primary functions - audit management, compliance in diverse industries such as Pharmaceuticals, Medical
management, risk management and policy management.” Devices, Automotive, Food, High Tech Manufacturing, Energy
and Financial Services to manage their quality processes,
regulatory and industry-mandated compliance and corporate
governance initiatives, as well as by over a million compliance
MetricStream has been cited as a 'Leader' in the recent professionals worldwide via the ComplianceOnline.com portal.
published report Forrester Wave: Enterprise Governance, Risk
and Compliance Platforms, Q3 2009.
MetricStream
www.metricstream.com info@metricstream.com