Modulo Customer Airlines Reporting Corporation Paves Path to Enterprise Risk Management for Security Officers
PR Web
Modulo, a leading provider of technology governance, risk and compliance (GRC) solutions, announced today the best practices of how customer
Like many organizations that handle large volumes of financial transactions, ARC is focused on meeting the annual compliance requirements of the Payment Card Industry Data Security Standard (PCI DSS) to increase controls around cardholder data and reduce credit card fraud. However, these activities shed little insight on real risk or compliance and were only once-a-year, point-in-time events. Further, it was a scramble to pull them together for auditors because they were handled manually with spreadsheets and SharePoint, and there was no overarching framework to guide a top-down approach.
To move the company to the next level,
The 5-Step Program included:
1. Pick a Framework: ARC decided upon using ISO 27001, an internationally adopted information security management system standard that provides a method for a holistic set of policies, processes and systems to manage risks to information assets, enabling an enterprise view of risk
2. Drive Scope through Risk Assessment: ARC used its Disaster Recovery and Business Continuity work to define program scope, including prioritization and identification of critical business processes and risk
3. Map Risks: First, all risks were identified (leveraging other methodologies provided by NIST, ISACA, etc.), evaluated in terms of likelihood and impact, and related to enterprise strategy; then the controls tied to those risks were evaluated; and finally the residual risks were determined, an action plan developed and reduced
4. Treat, Measure and Monitor: ARC created a risk treatment plan, established a consolidated set of meaningful metrics using loss events, and now monitors on a regular basis. Using the Capability Maturity Model (CMM), ARC was able to set out both an interim and a long-term target and scores progress for a process of continuous improvement
5. Automate: Where possible, ARC uses tools, such as Modulo, to automate inefficient and ineffective manual processes
ARC also provides the number one success tip for a program of this size: start small and expand, for example beginning with remediation, compliance or vulnerability management.
He adds, “Modulo has a great visual tool with an organizational overview so I can tie everything together. So if something happens from a low level I can show how it ties back to the business – and I have everything in one spot, without stacks of papers, for presenting to the executive team and for auditors. Also I was able to set everything up in weeks to months versus years as with other tools.”
Modulo Risk Manager – which earned the top 5-star rating from
Supporting Links
To watch the entire webinar: https://www.brighttalk.com/webcast/8563/96417
About Modulo
Modulo is a leading global enterprise provider of technology governance, risk and compliance (GRC) management solutions. Hundreds of organizations around the world leverage the award-winning Modulo Risk Manager™ as a flexible and affordable approach to manage risk, compliance, and business continuity across the enterprise and extended enterprise of third-party relationships. Customers span the financial, health care, retail, manufacturing, higher-education, telecom, energy and government sectors and include BASF, BC Hydro,
Visit http://www.modulo.com and follow Modulo on Twitter @Modulo_Intl.
Read the full story at http://www.prweb.com/releases/2014/01/prweb11524263.htm
Copyright: (c) 2014 PRWEB.COM Newswire