Lumension Security Inc, the company formerly known as PatchLink, has released Risk Manager as a tool that could help automate risk assessments and so cut the cost of compliance.
The idea is that in streamlining security and IT audit processes it should be possible to support greater levels of automation across audit workflows.
According to Lumension one of the key benefits of its new Risk Manager product include a reduction in audit resources. The technology automatically identifies control requirements for compliance regulations and is determined by the risk profile inputs for each IT asset.
The system provides visibility for compliance and risk through risk profiling. This is a process which is automatically correlated with internal and external compliance requirements to suggest mitigating IT controls and address potential regulatory and IT risk exposure.
It harmonises controls across different regulations including PCI, SOX, CobiT or NIST, the company said.
Risk Manager also provides a means of running automated surveys to complete the assessment of physical and procedural controls, and will then generate reports with key metrics to satisfy a diverse IT risk and compliance audience.
By helping automate previously manual tasks, Lumension claims its new addition provides an efficient manner for obtaining system owner input into the risk analysis process, and so reduces the cost of compliance.
Reducing the total cost of compliance initiatives has been revealed to be a top priority among businesses.
In May 2009, Aberdeen Group published research on governance, risk management, and compliance (GRC) under the title, Managing Risk, Improving Visibility, and Reducing Operating Costs. The study described the policy, planning, process, and organisational elements that contribute to successful initiatives in the area of IT GRC.
Cost came out as a top issue in the study, followed by the need to provide greater visibility for better decision-making and to mitigate technical and operational risk.
Aberdeen also found that while some technologies such as log management or security information and event management are used to a similar degree by most companies, the best performers have strongly begun adopting IT GRC platforms to centralise information and automate their processes in a bid to improve effectiveness and drive down the cost of compliance.
