Real-time risk modelling

Many organisations suffer from a fractured approach to risk management, with each business unit using different metrics and systems and providing only superficial data – if any at all – to assist in an overall understanding of risk.

Referencing the latest incident and compliance data from across your organisation, the Blackthorn GRC Risk Manager module provides a more consistent and reliable picture of operational risk by letting you build and maintain risk models that represent your critical business assets. The models support a common language of risk across all business units in your organisation.

Cross-correlation of incident and compliance data

Blackthorn GRC Risk Manager draws on the latest information held within the Compliance Manager and Incident Manager modules. This information feeds into the risk models selected to represent your critical assets, so that real-time risk is calculated from important “coal-face” data.

Real-time analysis

Other risk analysis solutions take a snapshot of a single point in time. The source information that Blackthorn GRC Risk Manager draws on, by contrast, is updated on an ongoing basis. Risk calculations are therefore constantly evolving to reflect the current risk situation.

Industry best-practice standards

Blackthorn GRC Risk Manager supports risk modelling using the following industry standards and best practice:

  • US NIPC risk calculation metrics
  • ISO/IEC 27001 control types
  • CVSS vulnerability metrics
  • SEI OCTAVE threat trees
  • OWASP vulnerability types
  • BS7799: Part 3 threat objects
  • CIAA control and impact metrics
  • PCI DSS control types
  • Customer-defined categories

Advanced functionality

Blackthorn GRC Risk Manager provides sophisticated tools to enable detailed analysis. Key features include:

  • Analysis of value appreciation and depreciation
    Providing an accurate picture of potential financial impacts of the occurrence of risk events
  • Exposure and cover analysis
    Helping you to identify key areas of concern and supporting stakeholder decision-making
  • Drag-and-drop visual modelling
    Enabling quick and straightforward construction of tree diagrams to illustrate risk
  • Wide range of reporting options
    Including traffic-light style reporting, as well as custom dashboards
  • Automatic reminders for control reviews
    Ensuring that controls stay relevant to your organisational processes
  • Critical control analysis
    Showing you which controls give you the most value
  • Out-of-the-box model templates
    Featuring our PIPS™ template tree, which evaluates risk in relation to people, information, property and systems
  • Monetary and points-based results
    Presenting results using either a points-based system or a monetary scale with in-built currency conversion. Our PIPS template tree enables you to produce a risk total for the entire organisation.
  • Policy exception handling
    Closing the loop on risk acceptance and enabling clarity for stakeholders, risk and compliance managers

About us

QCC was founded in 1996 to deliver an in-depth technical knowledge of information and physical security, with a thorough understanding of IT security, relevant laws and proven investigative skills.

Contact information

+44 (0)207 353 9000

contact@qccis.com

Buchanan House, Holborn, London, EC1N 2LX

QCC Information Security Ltd
