Risk Management Tools the Term Paper

The SMART-Ra solution is characterized by the following:

The formal assessment of the risks through the employment of the ISO 27005 standards and the OCTAVE techniques

The systematic assessment of the risk through the PDCA model (plan, do, check, act)

The automated risk assessment through the Fast Ra feature, which "provides fully automated risk assessment with a built in database of standard assets, threats, vulnerabilities and controls" (Website of SMART-RA)

The creation of detailed reports such as multi-criterion filtering or exports to other formats

The monitoring of risks through the monitoring of risk mitigation controls and the identification of the new risks after mitigation (Website of SMART-RA).

Last, the third potential solution to automating the IT risk assessment is represented by the Symantec Risk Automation Suite (SRAS), which is also a privately developed solution, characterized by more flexibility and ease of usage.

"SRAS automates and orchestrates enterprise IT security and risk management. SRAS simplifies and integrates network discovery, baseline configuration management and vulnerability management enabling reporting for enterprise risks and regulatory compliance. It offers flexible agent-based or agent-less data gathering options across multiple hardware and software platforms. SCAP validated, enterprise proven" (Website of Symantec).

The Symantec Risk Automation Suite is characterized by four distinctive features, as revealed below:

The use of a SOA architecture which allows the centralization of the managerial efforts and the integrated reporting across security tools through the decision support portal

The rapid discovery of assets and inventories across the entire networks

The identification of vulnerabilities through the detection and reporting for the operating systems, the network, the infrastructure and the applications and databases

The configuration of the auditing and policy management through the preservation of "an accurate inventory system configurations, including installed software, user accounts and system changes based upon SCAP compliant assessments" (Website of Symantec).

The table below reveals a comparative analysis of the three tools of risk automation in the field of Information Technology.

Advantages

Disadvantages

NIST automation

Clear, gradual and logically organized processes

Supported and created with the industry standards

Increased complexity

Use of adjacent systems and products (such as the Microsoft products)

Low flexibility and adaptability

SMART-RA

Reliability on formal structures

Decreased complexity and increased ease of use

Limited trials and experiences within the market

Reduced structure

Symantec Risk Automation Suite

Increased ease of usage and increased flexibility

Support for practical application

Reduced structure

Decreased integration of pre-established standards

All in all, the development of the IT community is directly linked to the development and implementation of solutions which help manage risks across the sector. The modern day society still lacks in these control mechanisms and the current emphasis falls on the creation of solutions to automate risk management. The three solutions that have been presented in the current project were both technical as well as practical, but the ultimate decision falls with the IT manager and is based on the needs of their networks.

References:

Coderre, D., 2009, Internal audit: efficiency through automation, John Wiley and Sons

Automated risk management using NIST standards, ACR 2 Solutions, http://www.acr2solutions.com/Documents/Automating_Risk_Management.pdflast accessed on July 10, 2012

Risk assessment, Website of SMART-RA, http://www.smart-ra.com/riskassessment.aspxlast accessed on July 10, 2012

Symantec Risk Automation Suite, Website of Symantec, http://www.symantec.com/risk-automation-suitelast accessed on July…