HP intros service to reduce business risk
By Canadian Security
HP has announced new consulting services to help clients make rapid, data-driven decisions about the management of information-security risk across their organizations.
By Canadian Security
The new HP Security Metrics Services offer a patent-pending methodology and framework to more clearly demonstrate the potential that a security incident might have on business objectives.
HP Security Metrics Services utilize an organization’s existing sources of security data, set parameters that give stakeholders a clear alert when their business objectives are at risk, and enable them to determine their overall risk posture. When threats or incidents impact stakeholder objectives, users can quickly identify the source of the risk and make timely decisions to address the threat.
Most organizations today are not able to proactively address security risks before impacting their business. This is due to the lack of necessary visibility into key security data and alerts that can help organizations determine the level of potential risk to their business.
In spite of this, a recent survey conducted by the Ponemon Institute found that 75 percent of respondents indicated that metrics are “important” or “very important” to a risk-based security program.
“Security risks are getting harder for organizations to navigate, and point-solution defenses are no match for the adversaries,” said Arthur Wong, senior vice president and general manager, Enterprise Security Services, HP. “By aligning information-security data with stakeholder business objectives, HP Security Metrics Services help transform organizations to a consistent, measurable and proactive security posture to make informed risk decisions and justify security spending.”
The new HP Security Metrics Services allows businesses to:
1) Identify security risk indicators through cutting edge framework
By utilizing a simple, clear framework that links IT assets to 34 identified key risk components, organizations can prioritize their business objectives and processes and correlate them to threats, vulnerabilities and incidents. These components are underpinned by a predefined library of security data sources, which specifies how the data is gathered and used to provide ongoing business-related risk information.
Using this framework, changes in risk indicators will alert stakeholders to see which risk component category has triggered the change. Once the category has been identified, stakeholders can drill down into the associated higher-level reporting, trending, information dashboard and data layers to investigate causes of the changed risk-indicator status.
2) Manage risk by leveraging at-a-glance security incident alerts
HP Security Metrics Services leverage the HP Executive Scorecard software application to display critical business objectives in a user-friendly dashboard. This allows for quick, at-a-glance security incident alerts that enable users quickly to obtain additional detail, including processes and assets prioritized by their risk status.
HP Security Metrics Services use the HP Executive Scorecard coupled with patent pending methodology and framework to help clients:
· Deepen executive-level security engagement by demonstrating how specific security risks imperil business objectives.
· Reduce risk exposure and minimize security incident damage by alerting key stakeholders to risks, enabling them to take timely and effective action.
· Assist regulatory compliance with better incident reporting as well as trends in threats and vulnerabilities that may affect compliance.
· By providing identifiable links among security management activities, supporting resources and business objectives, support investment decisions and track results achieved from security investments.