Reducing IT risk and complexity, without significantly impacting the corporate budget or productivity of workers, continues to be a challenge for enterprise IT departments. With the latest version of its established Security Management Program, Verizon is helping businesses around the globe to better address security risk through an enhanced Risk and Compliance Management Console.
The just-launched console introduces new risk-management and status-reporting capabilities that provide greater insight into IT security risk. Enterprise clients also have access to numerous process and workflow optimization tools, as well as the existing Compliance ScoreCard.
(For a blog post that defines and explains the value of risk management, click here.)
"The newest version of the Verizon Security Management Program enables our security clients to make informed risk-based decisions that positively impact their businesses," said Peter Tippett, vice president of technology and innovation at Verizon Business. "Our Risk and Compliance Management Console now enables clients to quickly and easily engage in advanced risk management, trending and modeling - all with the goal of reducing overall IT risk."
Highly Customized Risk Intelligence Enables Informed Decision Making
The Risk and Compliance Management Console provides user-friendly reporting, analysis and risk forecasting via two easy-to-use components, a Risk ScoreCard (offering highly detailed information) and a Risk Dashboard (providing an overview of an organization's risk posture). The components contain these key features:
- The Risk ScoreCard provides risk scores based on three main calculations --likelihood, impact and control implementation -- across more than 250 different threat categories. The likelihood score is based on the customer's threat characteristics. Impact calculates how much of an effect a compromise would have on the business. Control implementation is determined based on how many security countermeasures (as described by the ISO 27002 information security standard) the customer has already implemented.
The scorecard uses a visual "heat map," which is color-coded red, orange, amber or green to denote the seriousness of various threats. It also helps facilitate immediate comparisons and quick identification of risk score patterns or anomalies. SMP customers can also access detailed views of their risk scores for more than 250 threat scenarios.
- The Risk Dashboard provides risk-profile management and status reporting capabilities and improves visibility into the progress of the customer's risk-management activities through several graphical status-summary panels. These include residual risk score (derived from an average of the three risk scores for likelihood, impact and control implementation), risk trending, risk views (provides residual risk views by several threat scenario elements) and top 10 risk-reducing controls (enables customers to engage in risk modeling where they can run threat scenarios and compare their current risk score against a projected risk score).
By using the SMP Compliance ScoreCard, customers can analyze risk patterns across multiple industry regulations, including ISO 27002, COBIT 4.1, PCI DSS 1.2 and HIPAA, and compare their compliance posture with SMP peers.
"The complexity of risk management is a challenge for many enterprises," said Christian Christiansen, program vice president, IDC Security Products and Services. "Verizon's enhanced console gives customers a view into their potential IT risk and the ability to plan accordingly."
Verizon's SMP risk-scoring methodology is uniquely built on the intelligence information from Verizon's RISK Team, which gathers, analyzes and mathematically correlates risk intelligence from a wide range of sources - most notably from its expert analysis of more than 900 actual data breaches presented in Verizon's Data Breach Investigations Reports. The aggregate intelligence is then customized for SMP clients, based on their unique threat profiles for likelihood, impact and control implementation.
Established more than a decade ago as one of the first such offerings, the Verizon Security Management Program takes a proactive approach to mitigating risk by reviewing customer security measures across a broad range of security controls, from network and system analysis to policy and process inspection. This programmatic offering helps customers understand, manage and report on IT risk; address multiple compliance challenges; and prevent security incidents and data loss.
Verizon Business offers managed security services; governance, risk and compliance solutions; data loss and prevention solutions; and identity management solutions, all delivered by the company's more than 1,200 security professionals around the globe. More information is available by visiting http://www.verizonbusiness.com/products/security. The company also provides ongoing security insight and analysis via the Verizon Security Blog.
About Verizon Business
Verizon Business, a unit of Verizon Communications (NYSE, NASDAQ: VZ), is a global leader in communications and IT solutions. We combine professional expertise with one of the world's most connected IP networks to deliver award-winning communications, IT, information security and network solutions. We securely connect today's extended enterprises of widespread and mobile customers, partners, suppliers and employees - enabling them to increase productivity and efficiency and help preserve the environment. Many of the world's largest businesses and governments - including 96 percent of the Fortune 1000 and thousands of government agencies and educational institutions - rely on our professional and managed services and network technologies to accelerate their business. Find out more at www.verizonbusiness.com.