Verified Document

Risk Management Tools The Term Paper

The SMART-Ra solution is characterized by the following: The formal assessment of the risks through the employment of the ISO 27005 standards and the OCTAVE techniques

The systematic assessment of the risk through the PDCA model (plan, do, check, act)

The automated risk assessment through the Fast Ra feature, which "provides fully automated risk assessment with a built in database of standard assets, threats, vulnerabilities and controls" (Website of SMART-RA)

The creation of detailed reports such as multi-criterion filtering or exports to other formats

The monitoring of risks through the monitoring of risk mitigation controls and the identification of the new risks after mitigation (Website of SMART-RA).

Last, the third potential solution to automating the IT risk assessment is represented by the Symantec Risk Automation Suite (SRAS), which is also a privately developed solution, characterized by more flexibility and ease of usage.

"SRAS automates and orchestrates enterprise IT security and risk management. SRAS simplifies and integrates network discovery, baseline configuration management and vulnerability management enabling reporting for enterprise risks and regulatory compliance. It offers flexible agent-based or agent-less data gathering options across multiple hardware and software platforms. SCAP validated, enterprise proven" (Website of Symantec).

The Symantec Risk Automation Suite is characterized by four distinctive features, as revealed below:

The use of a SOA architecture which allows the centralization of the managerial efforts and the integrated reporting across security tools through the decision support portal

The rapid discovery of assets and inventories across the entire networks

The identification of vulnerabilities through the detection and reporting for the operating systems, the network, the infrastructure and the applications and databases

The configuration of the auditing and policy management through the preservation of "an accurate inventory system configurations, including installed...

Parts of this document are hidden

View Full Document
svg-one

The modern day society still lacks in these control mechanisms and the current emphasis falls on the creation of solutions to automate risk management. The three solutions that have been presented in the current project were both technical as well as practical, but the ultimate decision falls with the IT manager and is based on the needs of their networks.

Sources used in this document:
References:

Coderre, D., 2009, Internal audit: efficiency through automation, John Wiley and Sons

Automated risk management using NIST standards, ACR 2 Solutions, http://www.acr2solutions.com/Documents/Automating_Risk_Management.pdflast accessed on July 10, 2012

Risk assessment, Website of SMART-RA, http://www.smart-ra.com/riskassessment.aspxlast accessed on July 10, 2012

Symantec Risk Automation Suite, Website of Symantec, http://www.symantec.com/risk-automation-suitelast accessed on July 10, 2012
Cite this Document:
Copy Bibliography Citation

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now