
New regulatory requirements (for example SOX, Basel II, FISMA, ISO 17799) and the business world's ever-increasing reliance on computer systems dictate the need for continuous, properly managed risk management. In fact, risk mitigation is becoming the main driver for IT investments. Therefore, there is a growing need to convert security from an isolated technical issue into the language of business by implementing new methods and tools.

The complexity and multiplicity of risk management (RM) activities make them a major budget item, yet they often do not supply full coverage because reviews are performed manually and truly specialized, experienced RM experts are scarce. Additionally, business managers and executives find it difficult today to see the global organizational risk landscape or to handle the vast complexities of the RM process in order to carry it out efficiently.

WCK-Lancelot

WCK-Lancelot is a comprehensive risk management software tool that aims to answer the growing need for organized and effective risk management. It:

  • Analyzes the enterprise architecture, mapping business processes throughout systems that support them, as well as components and technology.
  • Imports and integrates input data from various third-party tools, such as vulnerability scanners and penetration test results.
  • Provides the user with an architecture-specific questionnaire which also takes into account required frameworks, policies, methodologies, and regulation compliance requirements (for example SOX, Basel II, COBIT, ISO 17799, FISMA). High-level controls are translated into detailed technical control questions, and the system allows distribution of the questionnaire to technical specialists through a trackable workflow process.
  • Identifies gaps between existing controls and those still required. It calculates risks and residual risks according to CIA triad levels (Confidentiality, Integrity, Availability), business impact and probability.
  • Provides real-time dynamic reports, clearly displaying the current level of business risk in different perspectives (enterprise perspective, specific system perspective, etc.), and allowing drill-down capabilities down to the system component.
  • Suggests risk mitigation activities and includes a workflow process for assigning mitigation tasks and tracking mitigation activities.

The tool is designed to meet RM needs in large organizations, but can effectively be used by medium-sized organizations as well. It provides the ability to manage security risks in distributed environments and allows the Chief Security Officer (CSO) and the IT manager to measure their success.

WCK-Lancelot's advantages:

  • One Stop Shop: WCK-Lancelot provides consolidated (also from third party software tools), dynamic, and infrastructure-specific status for all IT risks, offers mitigation activities, and enables workflow tracking, all in the same product.
  • Business Process Orientation: WCK-Lancelot observes the business process from end to end, along with the systems supporting it. It discovers, assesses and quantifies risks at the business process level and in business terms (but also deals with detailed technical controls). It is compliance oriented, supporting standards and regulation requirements such as SOX, Basel II, ISO 17799, FISMA, COBIT.
  • Real Time: WCK-Lancelot provides a central dashboard allowing real-time tracking of mitigation activities and risk status in various perspectives, as well as drill down capabilities.
  • Smart, Learning Engine: WCK-Lancelot is able to analyze dependencies between assets and processes and between components, identify architecture-derived threats, and deal with complex scenarios.

 

For further information regarding White Cyber Knight and WCK-Lancelot, please contact us.