Agiliance Aims for Complete Risk Management

The company is expanding its IT GRC product to eliminate risk and compliance information silos.

Agiliance is releasing a new version of its governance, risk and compliance management product with the aim of delivering an end-to-end IT risk management tool.

Agiliance IT-GRC version 3.0, rolled out Nov. 6, includes a number of enhancements designed to enable enterprises to address changes in their risk profile as their underlying IT infrastructure, processes, applications and users change.

Armed with the Enterprise Risk Management module, organizations can create model risk scenarios that encompass operational and financial risks, by combining opinions from employees via Web-based surveys and workshops with automated IT risk data from underlying infrastructure, company officials said.

In this way, Agiliance IT-GRC 3.0 offers the holistic view needed to implement an effective risk management program, said Patrick Kerans, vice president of marketing at Agiliance, based in San Jose, Calif.

The product leverages what the company calls key risk indicators, which change automatically as the IT infrastructure, processes, applications and users associated with them change. When a scanner identifies a vulnerability, risk increases; as it is fixed and the ticket is closed, risk decreases, company officials said.

"Were able to provide a dashboard that incorporates key risk indicators," Kerans said. "The end users are in a position to choose those that matter most to them, and using those were able to tie those key risk indicators … into the operational information coming from the assets and the changes that are going on with respect to those assets. So that provides management with this top down view into their risk position both with respect to compliance as well as general business risk associated with IT infrastructure."

Other enhancements include a customizable workflow that ensures identified risks are tracked through their life cycle from known to mitigated risks and the ability to map regulations to standard controls to policies, best practices and other content.

Marc Othersen, an analyst with Forrester Research, said the product can model traditional and non-traditional elements of IT environments from technology assets to information assets and operational processes.

"A critical success factor for building a sustainable IT compliance program is to clearly understand where controls should be applied within the IT environment," he said.

"Most regulatory sources that govern IT require a combination of technology and operational controls to fully achieve compliance. The Agiliance solution has the capability to test both types of controls through direct data feeds from technologies and manual data collection surveys. This positions their solution well ahead of technology-only compliance tools when building sustainable IT compliance programs."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.