A menu-driven web interface walks users through setting up risk assessments by defining systems, processes and the process system relation. Business impact, vulnerabilities and threats are documented through the use of questionnaire-based assessments, as is reporting on vulnerabilities at the network asset and process level, and managing the workflow associated with the remediation of risks. Risk assessments are derived from the enterprise security policy and are customizable to the standard to which the enterprise is aligned. Regardless of the standard to which it maps, the risk assessment methodology complies with ISO 27001/27002 standards. The workflow engine was helpful. It integrated with Active Directory (AD) and the lightweight directory access protocol natively to facilitate the tracking of tasks, questionnaires and documentation.
SecureAware can report an enterprise risk profile on a continuous basis through its dashboard and report-writing capabilities. Browser-based graphical presentations of risk data, business impact and risk assessments and analysis are also included.
Sold as a software solution, the offering is deployed on either a Windows or Linux server. It is a light and simple implementation. Eight-hours-a-day/five-days-a-week phone and email support is included for the first year and provided at a fee after that.
This solution focuses on the business risk side of the equation. It provides effective tools for creating policies and measures and maps risk to those policies and industry standards. From a policy/risk management aspect, this is a strong tool. We like that Lightwave also included business continuity planning in the risk management process.