AURUM: Corporate risk and compliance management
The intensive use of networked and complex IT systems has led to risks for companies, which can have serious legal and financial consequences. The efficient management of IT risks has become a mandatory requirement for the reliable operation of a company. Established procedures, based on standards and experts, can in principle support companies in the management of IT risks. The manual review of risks and especially their numerous dependencies (for example with checklists) is, however, very time-consuming and error-prone. In addition, such a review is a snapshot that can be outdated hours later. Compliance with legal frameworks (e.g. GDPR) must be handled automatically by modern compliance management systems.
Decision makers are often overwhelmed by the high number of possible countermeasures and are not sure whether their IT security investment pays off or whether the solution found is suitable for the company. AURUM helps companies identify the best IT security concepts by looking at IT risk and compliance issues in an integrated way. It takes into account the costs and benefits of IT security measures as well as compliance with legal requirements and industry standards. The intuitive user interface and the innovative data and knowledge networking minimize the necessary interaction between user and system. The system is highly customizable and can be used by large enterprises and SMEs alike.
AURUM is based on a semantic knowledge base, which links all relevant information about possible IT security concepts, the company and its structure, processes and infrastructure. In this way, the actual level of risk can be continuously calculated in real time and countermeasures can be proposed automatically. The knowledge base is designed for the highest possible interoperability and enables the efficient reuse of the information entered within the company.
AURUM automatically detects changes within your IT infrastructure and business processes. In combination with current internal and external events, AURUM continuously calculates the current threat situation and informs decision makers whether and which additional countermeasures are necessary. For this, AURUM automatically identifies potential weaknesses within the set countermeasures and recommends cost-effective measures to close these gaps.
AURUM offers the possibility to explore different risk scenarios in a playful way and to become familiar with the consequences of investment decisions regarding countermeasures. The interactive user interface allows decision makers to analyze the problem. At the same time, AURUM ensures that decision makers are presented with efficient solutions. The result is a representation of the measures required to close the gap between the current situation and the desired risk level (gap analysis).
The importance of a company resource can be used to deduce the company-wide impact if that resource were no longer available and the associated business processes were disrupted. AURUM is able to calculate the impact of threats, vulnerabilities and risks directly at the business process level based on the resources involved. The processes can be easily exported from existing process tools (e.g., ADONIS, ARIS, etc.) and imported into AURUM.
AURUM calculates the company's risk level in real time. It takes into account the resources of the company, the probability of occurrence of certain threats, the currently implemented countermeasures, current events, etc. The visualization breaks down the impact of the threats into three categories: confidentiality, integrity, and availability.
AURUM provides an intuitive decision support system that allows interactive comparison between different scenarios. The decision maker can estimate the consequences of his investment decisions and receives detailed information about investment costs, running costs and the IT security risk for all modeled company resources for each action strategy.
The AURUM Dashboard summarizes the latest information for a quick overview. The dashboard consists of widgets that can be individually combined and rearranged using drag & drop. It provides an overview of the current company portfolio and the risk values determined. AURUM supports the administration of any number of sites. The sites can be accessed easily via a zoomable map, which is created dynamically based on the addresses or GPS coordinates.
A threat requires an existing and unprotected vulnerability to cause damage to a resource. A human threat can be realized either intentionally or unintentionally. Although existing standards and best practices often provide exemplary threat lists, risk managers are occasionally uncertain about the precise threat characteristics. Which threats endanger my critical resources? Which threats act as multipliers by triggering other threats? Which vulnerabilities are necessary for a particular threat to cause harm? AURUM allows the user to calculate, for all selected threats, the probability that they are realized in the specific enterprise, based on the threat environment and the countermeasures already implemented. Prefabricated profiles allow a quick start.
AURUM is based on a semantic knowledge base, which links all relevant information about possible IT security concepts, the company and its structure, processes and infrastructure. The business process inventory allows the administration and visualization of BPMN processes. Currently, AURUM includes over 500 information security concepts (threats, vulnerabilities, countermeasures) and automatically links them to the modeled enterprise data through semantic structures. This enables automated statements about the current level of risk and concrete suggestions for improvement.
The AURUM network scanner enables the automatic identification of relevant IT systems in the corporate network. Similarly, the policy scanner allows identification of existing security policies. The scans help the user with the initial and ongoing inventory of company resources. The automated approach, unlike the manual approach, prevents individual resources from being overlooked.
The risk visualization provides a quick and easy overview of the calculated risk level of organizational units, business processes and resources. It also aggregates the risk level for individual organizational units and processes. AURUM calculates the company's risk level in real time, taking into account the resources, the probability of occurrence of certain threats, the currently implemented countermeasures, current events, etc. The visualization breaks down the impact of the threats into three categories: confidentiality, integrity, and availability.
AURUM provides a central knowledge base for the company. On the basis of this data, AURUM calculates proposals for the optimal allocation of (IT) resources. For example, it optimizes the investment costs and the running costs required to achieve the desired level of protection. However, AURUM does not confront decision makers with a single solution. Rather, it offers the opportunity to explore different scenarios in a playful way and to become familiar with the consequences of each decision. The interactive user interface allows decision makers to analyze the problem. At the same time, AURUM ensures that decision makers are presented with efficient solutions. The result is a representation of the measures required to close the gap between the current situation and the desired level of risk (gap analysis).
AURUM allows the use of business processes as the basis for risk management. The processes can be imported from popular tools like ARIS and ADONIS. Alternatively, AURUM offers the possibility to define the processes as BPMN models. As in familiar business process management tools, AURUM visualizes the processes on the screen. Users can integrate the processes into the corporate structure and assign properties. Likewise, resources that have already been recorded, such as IT systems or important data, can be automatically identified via the processes. Thereafter, the business processes serve as the basis for the calculation of the risk level as well as the potential countermeasures.