Applications

The WCK GRC software platform includes multiple applications which can be mixed and matched to suit your organization’s needs.


Implementation is completely modular. Companies can choose to start with just one or two WCK GRC software applications, and then add more modules as their needs grow, or they can start out from day one with a complete offering.

Cyber Security Risk Management

WCK IT and cyber risk management application automates the entire risk management life-cycle, including:

  • Asset Management easily supporting any relevant asset type, be it an IT, OT, logical, physical or business asset.
  • Review and Audit Management using your existing questionnaires, or WCK’s powerful Automatic Questionnaire Generator. This optional mode automatically blends only relevant controls, based on the specific asset type, its environment and the required policy, optimizing the review process while eliminating the problem of subjective answers.
  • Correlation of Findings from external risk sources such as scanners, penetration tests and even event management systems (SIEM) results in a more unified risk management process.
  • Built-in Risk and Threat Analytics include unique dependency analysis, which traces how risks propagate across the organization and helps uncover hidden vulnerabilities.
  • Remediation Management and Mitigation Workflows are prioritized by business importance rather than just technical severity, so you focus your efforts on what affects the most critical business processes and services.
  • Business intelligence with pre-built and customizable reports and dashboards for multiple stakeholders.

 

 

Vendor Risk Assessment Portal

WCK Vendor Risk Management Module enables organizations to efficiently analyze and enforce the risk level of third-party suppliers, as well as to benchmark the compliance and risk posture between their multiple vendors.

 

Compliance Management

The WCK Compliance Application focuses on control-based risk management for complying with regulations, standards and internal policies. Supporting new standards and regulations is simple, and control-sets are easily imported via Excel or XML in a matter of minutes to hours.

WCK Compliance dashboard - ISO by chapter

Built-in, ready to use standards and control-sets include:

  • ISO27000
  • Cobit 4.1 – 5
  • PCI-DSS
  • IEC 62443
  • NERC-CIP
  • ISA99
  • NIST 800-53A
  • SOX-IT
  • ISO27799

 

 

Global Risk

The Global Risk application supports a top-down risk management approach based on standard operational risk methodology (COSO ERM). You can analyze your risk posture in terms of families of risk, and compare inherent risk with residual risk based on controls in place. This flexible application module, working together with the Cyber Risk Module, allows organizations to easily map technical IT and cyber risk to the operational risk tiers used in the ERM departments.

WCK Global Risk Application - Top 10 Risks over time

 

Threat Intelligence

WCK Threat Intelligence application can display your current security resilience posture based on the most up-to-date threat intelligence. Threat data can be integrated from diverse public and private sources, feeds and reports and mapped to the organization’s controls and policies. The application provides actionable intelligence, dashboards and reports which indicate the mitigation actions that can minimize exposure to the most likely threats.

 

 

Business Continuity

The Business Continuity Management application helps organizations create and run efficient business continuity plans, in alignment with BS25999 and other BC frameworks. The application allows you to design and update a Business Continuity Plan and run test scenarios based on your Recovery Time Objective (RTO) and Maximum Tolerable Downtime (MTD) for your processes and assets.

 


Secure Development Lifecycle (SDLC)

WCK Secure Development Lifecycle manages and enforces organizational security policy for products being developed. It supports multiple versions, as well as all the stages of a product lifecycle, such as design, development and testing.

 

WCK SDLC Development Lifecycle screenshot

Finding security vulnerabilities as early as possible results in a tremendous reduction in the cost and effort of security mitigation once a product is in production.

 

Textual Policy Mapping

Unique Text Policy Mapping simplifies compliance with multiple policy documents. Compliance Officers can easily highlight sections of textual documents and map them to controls, eliminating the costs of overlapping compliance requirements. The compliance status of each section in the document is color-coded automatically based on the control status.

Adaptors to External Systems

WCK Adaptors and Integration Points

WCK offers an open platform with a wide variety of preexisting adaptors and APIs to external systems.

The adaptors use standard XML and Web Service protocols and are available for standard and proprietary network scanners, code scanners, external ERM and GRC systems, task management software and CMDB and BPM repositories. APIs are available for findings, mitigations, threats and reviews.

WCK GRC Software applications cover the complete spectrum of governance, risk and compliance for large enterprises, as well as for small and medium-sized organizations that deal with regulatory requirements.