Automation of risk management to reduce cost and improve accuracy
Network Centric view of compliance that only addresses Discovery and Reporting functions of the Risk Management Life Cycle and does not address
• Prioritization of Assets
With the advent of the “Application Risk Dashboard”, IT Security has implemented a variety of operational and security compliance profiles to address apparent threats to Verizon Networks, but unlike the original SRC (from which they’re moving away from) the dashboard lacks the means to assimilate security data from multiple sources, provide a repository of steady state documentation for ...view middle of the document...
The solution must be a single, centralized repository for all clearance or compliance-related artifacts of evidence which may be deposited and “time stamped” with multiple user solutions (upload, ftp, webdav, etc. documents into a secure repository that allows for delegated authorization for access).
The solution must have capabilities for role-based access re-certification, clearance and compliance-related activity email and calendar reminders.
The solution must have capabilities for role-based access re-certification, clearance and compliance Roadmap Action Items (application teams, SPOCs and/or SFPs can create, or modify "To-Do" items as project management tools for completing the compliance process and demonstrated progress towards deadlines dictated by the regulation.
The solution must support multiple access roles within NTEC-IT and enable complete delegation of responsibilities and allow for annual role recertification.
The solution must have the capability to perform authorized updates the system automatically with changes in role, clearance or regulatory compliance requirements.
The PxQ of Next Generation data visualization and analytics
Interactive visual map that tells a story. Humans have been story tellers since the invention of language and any important data analysis or visualization needs to be communicated as part of a rich, compelling story. If you don’t know what the bigger story is, how can you possible hope to create meaning from data?
Next Generation data visualization must abstract obtuse complexity and underlying complexity of data and provide a business-friendly view of trusted data on demand that’s immediately digestible.
Why the rush to real-time data warehousing? Some of these practices are purely a matter of timely decision making, such as operational business intelligence and frequently refreshed management dashboards.
The Hidden PxQ Cost of Risk Management by Spreadsheet
Currently, NTEC-IT is utilizing spreadsheets to manage clearance, access and SOX compliance. While spreadsheets are easy to use for project management, for clearance, role based access and compliance, they extremely hard to maintain and audit and quickly become cumbersome as there’s more time in setting up spreadsheets and tweaking than groups will spend working on compliance & risk posture issues. In addition, spreadsheets also lack visibility and accessibility to the key stakeholders both in the business and NTEC-IT management.