CiSACS enables the management of risks and evaluates the compliance with industrial standards and regulations.
Inventory of Assets
This consists of mapping organization's assets, business processes and threats. The inventory structure is easily implemented by defining organizational, physical or process perimeters, as well as using tools that automate the entire activity.
Analyze Assets
Supported by a knowledgebase that is constantly updated by a MSLAB research team, CiSACS helps perform risk analysis of several kinds of assets. The analysis can be automated by using automatic data collectors, manual data collection and through Web and off-line based questionnaires. There are more than 4,000 automated collectors of distincttypes of assets that are distributed in several knowledge bases, compiling more than 11 ,000 controls. CiSACS can analyze risk from both a controls perspective, examining existing or missing controls, as well as a vulnerability perspective, targeting actual known vulnerabilities. 3rd party data such as Nessus and Bandolier can also be integrated into CiSACS's analysis.
Evaluate Risk and Compliance
Each resource is identified according to its relevance to the business. Risk evaluation is performed by generating objective and practical reports, with executive, tactical and operational views. These reports can be presented in different views such as assets type, perimeters, business processes and threats. This enables the verification of which assets or business processes run higher risks. Through a specific module. risk can be classified as acceptable or targeted for treatment. Through CiSACS's compliance analysis process, organizations can gauge compliance with multiple industry standards at one time and even align their internal standards with them.
Treat (Remediate, Mitigate)
Risk treatment is performed by observing recommendations and best practices. Through a web module, it is possible to assign tasks to your staff and manage the controls Implementation process. (Treatment recommendations are provided in the reporting process for each vulnerability.) CiSACS provides an objective methodology that offers qualitative and quantitative results that can effectively prioritize actions and support decision-making.
