The SMART-Ra solution is characterized by the following:
The formal assessment of the risks through the employment of the ISO 27005 standards and the OCTAVE techniques
The systematic assessment of the risk through the PDCA model (plan, do, check, act)
The automated risk assessment through the Fast Ra feature, which "provides fully automated risk assessment with a built in database of standard assets, threats, vulnerabilities and controls" (Website of SMART-RA)
The creation of detailed reports such as multi-criterion filtering or exports to other formats
The monitoring of risks through the monitoring of risk mitigation controls and the identification of the new risks after mitigation (Website of SMART-RA).
Last, the third potential solution to automating the IT risk assessment is represented by the Symantec Risk Automation Suite (SRAS), which is also a privately developed solution, characterized by more flexibility and ease of usage.
"SRAS automates and orchestrates enterprise IT security and risk management. SRAS simplifies and integrates network discovery, baseline configuration management and vulnerability management enabling reporting for enterprise risks and regulatory compliance. It offers flexible agent-based or agent-less data gathering options across multiple hardware and software platforms. SCAP validated, enterprise proven" (Website of Symantec).
The Symantec Risk Automation Suite is characterized by four distinctive features, as revealed below:
The use of a SOA architecture which allows the centralization of the managerial efforts and the integrated reporting across security tools through the decision support portal
The rapid discovery of assets and inventories across the entire networks
The identification of vulnerabilities through the detection and reporting for the operating systems, the network, the infrastructure and the applications and databases
The configuration of the auditing and policy management through the preservation of "an accurate inventory system configurations, including installed software, user accounts and system changes based upon SCAP compliant assessments" (Website of Symantec).
The table below reveals a comparative analysis of the three tools of risk automation in the field of Information Technology.
Advantages
Disadvantages
NIST automation
Clear, gradual and logically organized processes
Supported and created with the industry standards
Increased complexity
Use of adjacent systems and products (such as the Microsoft products)
Low flexibility and adaptability
SMART-RA
Reliability on formal structures
Decreased complexity and increased ease of use
Limited trials and experiences within the market
Reduced structure
Symantec Risk Automation Suite
Increased ease of usage and increased flexibility
Support for practical application
Reduced structure
Decreased integration of pre-established standards
All in all, the development of the IT community is directly linked to the development and implementation of solutions which help manage risks across the sector. The modern day society still lacks in these control mechanisms and the current emphasis falls on the creation of solutions to automate risk management. The three solutions that have been presented in the current project were both technical as well as practical, but the ultimate decision falls with the IT manager and is based on the needs of their networks.
References:
Coderre, D., 2009, Internal audit: efficiency through automation, John Wiley and Sons
Automated risk management using NIST standards, ACR 2 Solutions, http://www.acr2solutions.com/Documents/Automating_Risk_Management.pdflast accessed on July 10, 2012
Risk assessment, Website of SMART-RA, http://www.smart-ra.com/riskassessment.aspxlast accessed on July 10, 2012
Symantec Risk Automation Suite, Website of Symantec, http://www.symantec.com/risk-automation-suitelast accessed on July…
References:
Coderre, D., 2009, Internal audit: efficiency through automation, John Wiley and Sons
Automated risk management using NIST standards, ACR 2 Solutions, http://www.acr2solutions.com/Documents/Automating_Risk_Management.pdflast accessed on July 10, 2012
Risk assessment, Website of SMART-RA, http://www.smart-ra.com/riskassessment.aspxlast accessed on July 10, 2012
Symantec Risk Automation Suite, Website of Symantec, http://www.symantec.com/risk-automation-suitelast accessed on July 10, 2012
Study Document
risk management tools: interest rate futures, interest rate options, forward rate agreement and interest rate swaps. Interest Rate Futures An interest rate futures contract is a financial derivative. It allows the buyer of the contract to lock in a future investment rate. Like all derivatives, interest rate futures are based on an underlying security, which is a debt obligation that moves in value as interest rates change (Ord, 2011). The interest rate
Study Document
An organization is considered successful when it places goal commitment as the essential variable. One of the most important advantage that communication has as a risk mitigation tool is that it helps in the execution of safety measures and prevention of accidents as the employees are already been communicated about any problems they could face in the completion of tasks assigned to them. When the managers and authoritative figures
Study Document
Most developed economies, however, allow the market to set exchange rates, only influencing currency values through indirect means such as the increased or reduced sale of bonds to foreign entities and individuals, or through other means of international wealth exchange. Essentially, all manipulations of exchange rates and actions based on predictions of exchange rates are focused on the forward exchange rate, or the predicted rate of exchange between two
Study Document
Risk Management Events In reflection of the Exxon Valdez spill, the National Transportation Safety Board and the Coast Guard would both take a direct interest in improvement regulatory considerations relating to the alertness and suitability of an oil tanker's crew. This would be in 1989 following the massive oil spill off the coast of Alaska. According to the text, "Since 1989, much effort has been made by the Coast Guard and
Study Document
Risk Management Plan A&D High Tech Introduction to the Plan Company Background Risk Planning Charter, Scope, Plan, and WBS Scope of the Risk Management Plan 102.2 Risk Management Plan Components 112.3 Responsibility 112.4 Expected Monetary Value Analysis Risk Management Identification 123.1 Determine the Risks 133.2 Evaluate and Access the Risks 133.3 Qualitative and Quantitative Processes 143.4 Compare and Contrast Techniques Risk Matrix 144.1 Major and Minor Risks for the Risk Matrix 144.2 Risk Matrix Template 144.3 Reviews Corrective Action and Monitoring 155.1 Type of Corrective Risk Management 155.2 Corrective Plan 155.3 Corrective
Study Document
In terms of the management of the risk, this can be completed through either one or more of the following techniques: (1) mitigation of the risks; (2) transfer of the risk from one unit to the other, one project to the other and so on; (3) the acceptance of the risk; (4) the avoidance of the risks; (5) the communication of the risks and the search for risk management