The greatest risk for any commercial company or business these days is that of losing customer data. There are major financial costs in addition to regulatory breaches. The customers also start losing faith in a company which proves to be incapable of managing the most critical of assets it possesses.
In most countries, companies are obliged to ensure the confidentiality, integrity and the availability of data. We know of the UK Data Protection Act, EU Data Protection Directive, and HIPAA etc. which govern the data protection requirements. However, on September 5, 2009, Bloomberg reported that the Mitsubishi Corp. internet shopping unit lost credit card details on 52,000 customers after its servers were hacked from overseas. In July 2009, the Japanese Insurance firm Alico said the suspected leak of its customers’ credit card information may have led to about 2,200 cases of credit card fraud. The company mentioned that credit card information related to up to 130,000 insurance contracts may have leaked. So this raises the question, how secure can our data be? Do different types of data, need different levels of security? Who defines these controls?
Risk Assessment and Gap Analysis are the foundations of ISO/IEC 27001. In a world of ever-changing security needs, Risk Assessment and Gap Analysis should be continuous processes. Traditionally, the Risk Managers and security personnel have been using Excel sheets to manage this tedious task. It is difficult for people to monitor the controls and the security responsibilities of the organization row by row and matching them to the columns available in an Excel sheet.
The Risk Management Studio (RM Studio) software solution incorporates the Risk Assessment and Gap Analysis activities that a Risk Manager would perform into an integrated dashboard system, ready to observe and analyse the current state of security readiness of the operations. With RM Studio, Insurance organizations can quickly achieve IT configuration integrity by proactively assessing how their current configurations measure up to the requirements as given in ISO/IEC 27001. This provides the Insurance companies immediate visibility into the state of their systems, saving the time and effort otherwise spent in analysing Excel sheets.
An important part of the RM Studio is its ability to incorporate the business continuity planning for Insurance companies. These are critical for restoring a company’s operations following a potential operational disaster. The RM Studio provides templates and documents for updating and improving continuity plans for Insurance companies.
For more information regarding the RM Studio, log on to www.riskmanagementstudio.com or send an email to stiki@stiki.eu
(Advertisement)
