As organizations expand their business networks through electronically connected supply chains, business partners and customers, they face increased threat of cyber attack against their information assets and business processes. Loss of data and intellectual property, inability to process transactions and loss of customer information are all risks that keep IT Managers awake at night.
Incidents such as the rerouting of 15% of the world’s Internet traffic through foreign servers in April 2011, including communications from Congress and the US military, gives some indication as to the reality and magnitude of these threats to business performance.
Active Risk Manager helps organizations with the management of cybersecurity risks through the standard process of:
- Identification and location of information assets
- Classification of the information assets
- Identification and assessment of specific threat events
- Threat modelling
- Threat mitigation
ARM uniquely seeks to manage these threats against a quantitative spend model to help ensure that the organization is able to justify in financial terms why it is investing in preventative controls.
ARM’s ability to support direct qualitative and quantitative risk assessment of multiple impacts such as those defined by the STRIDE methodology, against specific risk events that are in turn linked to business objectives provides an ability to evaluate the likelihood of future IT security incidents in an economic model and alongside this the preventative control framework and recovery plans should an identified scenario occur.