Works with information, software, hardware, telecommunications, facilities and services.
All assets defined as ‘in scope’ by the statement of applicability and asset inventory under the care of Enterprise.
Define the Assets
The first step is to identify if we are attempting to assess new assets not registered within the asset inventory. If it is a new asset the asset will need to be added into an Asset Category and associated with the following:
Define the Threats
This task documents threats to the Enterprise assets for use in the risk analysis. This task includes description of threats, classification of threats, determining threat likelihood and exposure.
Define the Vulnerabilities
This task documents vulnerabilities identified within the Enterprise assets for use in the risk analysis process.
This includes a description of the vulnerability,
determining vulnerability consequence and impact and associating it with gaps identified in the survey.
In this work task we list and evaluate existing controls to determine their effectiveness and/or identify net new controls for further consideration during the preparation of remediation activities designed to lower residual vulnerability and risk %.
It is possible that existing controls may be implemented incorrectly or suffer from other deficiency that if corrected would eliminate the need for additional controls.
Offer Risk Treatment
Once the analysis has been completed, a report can be generated that addresses threats, vulnerabilities based on the risk rating, which will also be used to rank and prioritize management decisions concerning resources and corrective and preventive action plans. The report should include the following information at a minimum.
Access anywhere on any device. Ability to send/receive online surveys to all locations with one-click. iPAD and Android enabled to collect data at locations with or without internet access.
Use a global register to create a standardized assessment or create one from an assessment that was conducted previously.
Pre-loaded to provide up-to-date
Threat Data from the most
reliable source in the industry with risk scores for more than 140
Helps you manage and prioritize projects. Track mitigation progress and closure. Use any combination of filters to discover and act on implementation that is lacking in your organization or enterprise.
Dashboard provides a single view of risks and threats and status of active projects across the entire organization. Easy availability of risk status encourages proactive approach to compliance.
Your data is stored in an encrypted format on its servers, which will ensure data security.
Works with IOS and Android for data collection and surveys. Console syncs with your desktop and mobile devices.
Heat map provides you with up-to-date developments of any true risk culture based on metrics and analytics.
CyberWatch automates the survey, data collection, analysis and reporting process for on-site physical security risk assessments using the Threat/ Vulnerability methodology.
It is in line with the recommended risk assessment process in FEMA 428 Chapter 1. NIST 800-30 and also follows the risk assessment framework by ISO 31000.
Unique Risk Profile
At Riskwatch International we understand the unique physical security needs of our customers in the Petrochemical industries. The need to secure these facilities from terrorists, saboteurs, employees and others has never been greater.
We understand that your primary concern is keeping your assets (employees, visitors, facility, and intellectual property) safe and secure. CyberWatch helps conduct Security assessments that ensure compliance
with MTSA, CFATS, CTPAT, HAZMAT, and OSHA.
Global expansion requires actionable intellegence
We understand the unique security needs of our customers in the Pharmaceutical industries. Controlling this environment from a security perspective requires that risk assessments should be conducted annually at each facility and the associated supply chains.
Since each location will present a unique set of risks, you need to deliver actionable intelligence to mitigate those risks.
A robust security program is imperative
Utilities face many risks like cyber attacks, copper thefts,
control violations and compliance gaps which have the potential to disrupt the utility industry. After remaining relatively unchanged for the last 100 years, the grid is facing a host of new challenges making it complex to manage and mitigate all the risks.
CyberWatch provides energy companies an easy way to measure and mitigate physical security risks and compliance gaps by streamlining the assessment distribution and collection process. It comes with CIP-006 v5 and CIP-014 quickly identifies the most risky sites and lets you manage the mitigation process. It produces RSAWs and security plans taking significantly less time than manual based systems.
It can be utilized by existing IT Security Departments to conduct security risk assessments. The CyberWatch software documents:
– current assets
– security systems
– risk levels
– gathers recommendations
– survey gaps
All done for you through a survey and assessment workflow software management tool.
CyberWatch is an Information Security
Risk Management solution
Measure Security and Compliance Gaps
Manufacturing companies have an easy way to measure and mitigate physical security risk and compliance gaps by streamlining the assessment distribution and collection process. The two phase assessment process allows all sites to be included in the initial assessment and analyze the sites at high risk.
CyberWatch helps security managers explain and summarize the “State of Security and Risks” within their organization and meet compliance with state and federal standards, guidelines and best practices.
RiskWatch’s flagship product CyberWatch will allow the Department of Veterans Affairs (VA) and Administrators to conduct independent assessments across all VA medical facilities regarding the appointment scheduling process, staffing level and productivity level of each facility.
Dynamic dashboards allow the Administrator the ability to examine different criteria including the assessment status, pending actions, and specific data points.
Assess all Appointments across all VA Medical Facilities
The Enterprise ISMS Risk Assessment Procedure provides direction to managers, employees and contractors responsible for facilitating Risk Assessments.
Identify Assets in Scope:
Define the Threat Scenarios:
Assign Threat to Asset and determine set Business Impact Rating. Identify existing recommendation (if any).
1. Asset Category – Assets can be grouped into categories, Example: Computer, phone, switch would fall within IT Hardware.
2. Asset name – The actual asset name used to identify the asset should come from the asset inventory as maintained within the Configuration Management Data Base.
3. Asset Id – Asset Id represents the line of business in custody of the asset. Choose an abbreviated code that represents your specific division or department.
4. Asset Criticality – Asset criticality is the relative risk of a high cost arising from failure of that asset. This is measured on a scale of 1(Low) to 5(High).
Identifying the sources of vulnerabilities can occur during the Enterprise Risk Assessment process, Management discussions or Subject Matter Experts may become aware through their connections with special interest groups or through active and monitoring of events affecting assets.
Additional intelligence may be gathered during investigation into these events, incident triage, root-cause-analysis of incidents and problems or fault.
For twenty years RiskWatch International has been a Global Leader in Risk and Security Assessment SolutionsU. S. HeadquartersRiskWatch International1237 N. Gulfstream Ave.Sarasota, FL 34236Office: 941-316 9677Toll Free: 800-360-1898 Fax: 866-390-8897