
IT Governance, Risk and Compliance Management


Overview

What initially, and perhaps still, could be seen as a single method for securing information-related assets has developed into at least two main disciplines:

  • Risk Management, and
  • Compliance Management.

Both disciplines are intrinsically tied to the organization's governance process. They should therefore be fully integrated with the organization's mission and strategies. Easier said than done, isn't it?

These matters are complex, but the path through them is relatively straightforward:

  1. Develop a clear picture of what there is to be protected.
  2. Establish what the threats to your assets are, and who the threat agents are.
  3. Select and implement appropriate sets of security controls, taking into account their risk-mitigation effect and the level of risk the organization deems acceptable for each type of asset.
  4. Consider all applicable regulatory, legal and standards requirements. Check whether the adopted security measures are in compliance with them, and make the necessary adjustments.
  5. Monitor security incidents, user activity, and changes to systems and requirements, so as to confirm that the security controls remain effective.
  6. Periodically re-evaluate the risk to which your organization is exposed and take the necessary actions. In other words, cycle through steps 1 to 5 regularly.

This comprehensive approach to security and governance is the essence of a Certification and Accreditation program, as well as the foundation of Modulo's proposed solutions.

Solutions differ from one another mainly because of the specific goals of the project sponsors, which are, at least in part, a consequence of the industry's regulatory environment, its common threats and its average level of risk.

If the predominant objective is to reduce the chance of having systems "hacked into", infected by viruses, disrupted or compromised in any other way, Risk Management is the solution.

On the other hand, if compliance with a well-defined set of requirements is the project's main driver, the existing security controls (or, in some cases, the IT processes) will need to be compared against that requirement set. For this, see the solutions named after the corresponding framework:

Modulo © Copyright - All rights reserved.