Product > Modulo Risk Manager > How does it work?

How does it work?

Effective risks management and control imply development and maintenance of a process that enables to identify, analyze, evaluate, and treat risks that may cause negative impacts to the organization, besides prioritizing actions to reduce them to an acceptable level.

To do so, knowledge, methodologies and tools that enable risks measurement and control are required, in addition to the compliance with standards and regulations specific to your business.

Risk Manager eases managing risks and evaluating the compliance with market standards and regulations, as well as, IT environment governance. Risks analyses are performed by using a structured methodology, sustained by international risks management rules and standards.

Risk management is performed through a Risks Management cycle composed by the activities: Inventory, Analyze, Evaluate and Treat.

Inventory

It consists in mapping organization’s assets, business processes and threats. The inventory structure is easily implemented by defining organizational, physical or process perimeters, besides using tools that automate the entire activity.

Analyze

With Knowledge Bases constantly updated by a MSLAB research team, Risk Manager helps performing risks analyses of several kinds of assets. The analyses can be automated by using automatic controls, WEB questionnaires, offline questionnaires and PDA. There are more than 4,000 automatic collectors for several kinds of assets (technologic or not) that are distributed in several Knowledge Bases, totalizing more than 11,000 controls.

Evaluate

Each resource is pointed out according to its relevance to the business. Risks evaluation is performed by generating objective and practical reports, with executive, tactical and operational points of views, such reports can be presented in different forms, such as, assets type, perimeters, business processes and threats. This enables to verify which assets or business processes run higher risks. Through a specific module, risks can be classified as acceptable or they can be sent for treatment.

Treat

Risk treating is performed by observing recommendations and best practices. Through a web module, it is possible to manage controls implementation processes; those shall reduce the risks, in addition to register events that may cause impacts on the organizations' operations. It is possible to measure Risks evaluation by tracking consecutive analyses.

Modulo Risk Manager provides an objective methodology that offers qualitative and quantitative results that can help on effectively prioritizing actions and supporting decision-making.