A Guided Tour

 

Find out how WCK can improve your security & IT risk management process

WCK software was designed to help organizations in every aspect of their security and IT risk management process, using a methodology that eases the daily workflow and allows for speedy implementation and intuitive, easy ongoing maintenance.

WCK End-to-End Security Assessment (EESA™) is a comprehensive risk assessment model that connects the dots between detailed technical findings and business services and processes.

This approach makes it easy to understand the business implications of IT risks and to uncover hidden vulnerabilities by analyzing the dependencies between the logical, software and physical assets of the organization. The platform addresses the daily concerns of IT and security officers:

Quick Implementation – Accurate Risk Posture within a Week

Deploying a GRC solution to improve your cyber and IT risk management process is usually time-consuming and labor-intensive. To meet this challenge, WCK GRC offers a unique and pragmatic deployment process, which results in an accurate risk posture within days of installation. The quick implementation and the immediate results show significant value in a short period of time, ensuring management support at an early stage.

Preliminary Configuration and Legacy Information Import: ~ 1 Week

Preliminary configuration includes the definition of basic elements such as the organizational structure, organizational assets, criticality, and more. The organization’s legacy information (prior audits, penetration tests, etc.) is imported via automated feeding or via Excel spreadsheets.

Visual Mapping of Assets

Visual mapping of assets and their relationships clearly demonstrates interdependencies between systems / processes / entities at a glance

Following this stage, security officers can already view the overall risk status and utilize bSRM’s decision tools, remediation workflows, reminders, alerts, reports and dashboards. Reviews can be created and managed based on templates already existing in the organization (imported through Excel spreadsheets).

Fine-Tuning: ~ 5 weeks

Policies are fine-tuned and uploaded to the system. Recent reviews based on the newly created questionnaires are added as well.


Risk Identification and Assessment

Once the risk posture is available, you can investigate each critical risk, its status, who is responsible and how it affects compliance or security status. Easy navigation is available from the business process or organizational unit to the specific ticket or finding. This allows you to:

  • Identify critical risk, compliance and remediation bottlenecks
  • Track risk origin. Where did the risk come from – from which audit, automated tool, pen test or other?
  • Understand the risk context and make a decision on how to manage the risk
  • Change remediation prioritization according to business implications
  • Assign risks to remediation and monitor their progress
  • Prevent bottlenecks by verifying that ongoing work is properly addressed

 

High-Level Risk

High-level risk view


Efficient Remediation Management

The built-in remediation workflow allows you to manage remediation efforts and their progress, and manage issues before they become bottlenecks. It enables you to:

  • Track all risk reduction activities in real-time
  • Uncover mitigation delays and communicate with the responsible person via email or chat
  • Identify and manage risks that may affect specific business aspects such as brand, safety, finance, legal and productivity
  • Prioritize remediation based on criticality, resource availability or costs
  • Generate risk reduction activities automatically as a result of a review
  • Generate progress reports vs. resource demands
  • Assign appropriate remediation actions according to your risk tolerance and internal policies


Mitigation status


Compliance Automation

With bSRM, you can monitor multiple, simultaneous compliance projects with dedicated compliance dashboards. The compliance management allows you to:

  • Generate policy-driven questionnaires that normalize controls across multiple regulations, standards and frameworks as well as facilitate fact-based answers
  • Schedule start and due dates for reviews
  • View review progress
  • Compare reviewed controls to those required by organizational policy
  • Manage progress and validate findings
  • Understand threats and to what degree they are already mitigated by existing controls
  • Identify compliance bottlenecks in the organization and their origin, before they become critical
  • View compliance statistics, the compliance per standard/regulation and the consolidated risk of non-compliant areas


Compliance high-level risk view


Extensive Dashboards and Reports

Predefined and customized dashboards with drilldown and root cause analysis options help you monitor risks from different perspectives such as business processes, organizational units, suppliers and IT systems, to name just a few. There are a variety of predefined and tailored reports which facilitate customized communication with multiple stakeholders including the CEO, CIO, CSO, CFO and COO using:

  • A selection of simple and flexible reports
  • A wide range of parameters
  • Broad customization options
  • Business language

Dashboard and Reports

Flexible dashboard and reports can be customized based on multiple parameters

Customized Dashboard

A customized dashboard view
