The WCK GRC platform provides comprehensive tools for the on-going management of cyber and IT security risks:
|Automated, Policy-Driven Questionnaires||Effortless Root Cause Analysis|
|Ready-to-Use Content and Mappings||Customizable Dashboards & Reports|
|Intelligent Risk Analytics||Automated Ingestion of Existing Findings|
|Remediation Prioritization||Business-Driven Assessment|
|Visual Asset Mapping|
WCK GRC automatically generates objective questionnaires that facilitate fact-based answers rather than informed interpretations, which reduces the need for highly-priced, skilled manpower. The policy-driven questionnaires are generated based on analyzing the organization’s policy and compliance requirements and on the IT asset characteristics, such as: type, location, etc. As a result, reviews are focused on the organization’s distinct needs as opposed to the outdated approach of using pre-defined ‘vanilla’ questionnaires.
WCK GRC supports a broad range of out-of-the-box control metadata, relating to the standards and best practices in IT, security and embedded systems. The platform incorporates, among other things: ISO, NIST, FISMA, PCI, CobIT, HIPPA, SOX IT controls and NERC metadata, and maps between controls, threats and vulnerabilities.
The platform correlates and normalizes controls across multiple regulations and standards, enabling an organization to test once and comply multiple times, which substantially reduces the time and cost involved in reviewing redundant controls.
WCK GRC automatically calculates, normalizes and aggregates the risk rating of each asset, as well as the organization’s overall risk posture. The intelligent risk engine uses unique algorithms, which consider the business criticality and the interdependencies between business processes, organizational units as well as IT assets and components, in order to expose hidden risks and overlooked security gaps. The platform supports the CVSS (Common Vulnerability Scoring System) scoring in addition to system-generated risk rating.
WCK GRC drives efficiency by streamlining the entire remediation process. Mitigation activities and investments are automatically prioritized based on business criticality, ensuring an effective remediation process. A built-in workflow triggers automatic alerts and email notifications to appropriate personnel for task assignments and escalations. Managers can track the status of open issues and drill-down to view the details of each open ticket.
Our user-friendly visual asset mapping tool allows organizations to easily define interdependencies between business processes, organizational units, IT systems, IT components and other entities. The tool facilitates a more accurate understanding of the risk landscape and the interdependencies. Assets that may seem less important on their own are often found to significantly affect more critical assets when viewed within the dependencies framework and the business process perspective.
WCK GRC solution provides a simple 3-click root cause analysis for immediate investigation of risky business processes and highlights the remediation and compliance status. Quick and easy navigation from the business process view to the specific finding level (the ticket) is enabled within few clicks.
Dashboards, built-in reports and a powerful report generator reflect the holistic risk posture and its business implications at a glance as well as the compliance status. Customizable dashboards can be tailored to suit executive and operational levels. Decision support, Key Performance Indicators (KPI) and trending tools provide management insight regarding risks, their status and potential bottlenecks.
WCK GRC includes easy-to-use tools and adaptors for configuration and integration with complementary systems such as: scanners, CMDB’s, and task management software and offers an easy upload of findings from previous reviews via spreadsheets. These tools enable organizations to be up and running within weeks and reduce the costs of implementation. An accurate risk posture can be presented within days of installation.
The WCK platform was designed to focus organizations on business-oriented IT and security risk management. Assets are classified based on five business parameters: financial, safety, brand, productivity and legal. The system generates context-based questionnaires to assess the business and security criticality of each asset. Analysis tools enable extended filtering of the risks based on business drivers. Dashboards and reports reflect the aggregated risk affecting business processes.