The solution includes four modules: policy and awareness, compliance, risk management, and business continuity planning. A menu-driven web interface walks users through setting up risk assessments by defining systems, processes and the process system relation. Business impact, vulnerabilities and threats are documented through the use of questionnaire-based assessments, as is reporting on vulnerabilities at the network asset and process level, and managing the workflow associated with the remediation of risks. Risk assessments are derived from the enterprise security policy and are customizable to the standard to which the enterprise is aligned. Regardless of the standard to which it maps, the risk assessment methodology complies with ISO 27001/27002 standards. The workflow engine was helpful. It integrated with Active Directory (AD) and the lightweight directory access protocol natively to facilitate the tracking of tasks, questionnaires and documentation. SecureAware can report an enterprise risk profile on a continuous basis through its dashboard and report-writing capabilities. Browser-based graphical presentations of risk data, business impact and risk assessments and analysis are also included. Sold as a software solution, the offering is deployed on either a Windows or Linux server. It is a light and simple implementation. Eight-hours-a-day/five-days-a-week phone and email support is included for the first year and provided at a fee after that.This solution focuses on the business risk side of the equation. It provides effective tools for creating policies and measures and maps risk to those policies and industry standards. From a policy/risk management aspect, this is a strong tool. We like that Lightwave also included business continuity planning in the risk management process.
Copyright © SC Magazine, US edition
Issue: 335 | January/February 2015
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.