The SeCube RISK module is a software component that can be widely parameterized and is capable of independent operation.
The software’s risk analysis function provides uniform support for the company’s various types of risk analysis. Different types of risk analyses in a number of different areas can be run concurrently, and their results can be managed uniformly in order to implement and support integrated, comprehensive enterprise risk management (ERM).
One or more, separately managed risk analysis threads/packages can be launched in the RISK module, with separate responsible persons and assessors. These can be various types of risk analyses or the separate risk analyses of separate areas.
The scope of the various risk analyses can be flexibly adjusted as regards threats and/or resources, so full-scale or partial (or ad hoc)/project-based risk analyses can be performed as well, and the security of other company areas (IT, physical, human resource, business security, and data protection) can also be included in the assessment.
The risk analysis can be carried out periodically or continuously according to the needs of the organization.
The fundamental risk analysis methodological parameters and risk calculation methods can be widely customized in the software, providing an opportunity to take the Company’s attributes and the requirements of certain parent companies or legislation into account. The interpretation of effects and damages can be fully tailored to a company and its environment (material damages, damages to goodwill, legal consequences, personal injury, etc.).
The methodological parameters and the freely extensible lists (threats, vulnerabilities, protective measures) in the risk analysis module are based on information security recommendations (NIST), standards (ISO), and legislation (Information Security Act), supplemented with Kürt’s experience and feedback. The applied risk analysis methodology and terminology comply with the specifications of the ISO/IEC 27005 standard.
The risk analysis connects the vulnerabilities and protective measures of the data assets with the threats. Cause-and-effect simulations are available to analyze the consequences and the resulting business damages should the threats occur. Risks can be assessed and continuous risk management activities can be conducted.
The main characteristics of risk analysis:
Various analysis reports can be used to evaluate the risks identified in the course of the risk analysis and to make risk management decisions. The results of multiple risk analyses can be evaluated and managed separately and in an integrated manner.
Detailed measures can be planned for the risks. The connection between risk management measures and risks can be freely defined (n-n relationships). Task management functions support the risk management measures through responsible persons, statuses, email notifications, and reports that even support comparisons over time (status as at the analysis, current date status, future planned status). The aim of the risk management and reporting functions is the continuous management of the company’s risk-proportionate protection. Risk report features: