THE SECURITY RISK SOFTWARE
Co-designed by the author of the globally-acclaimed Security Risk Management Body of Knowledge (SRMBoK), SECTARATM is the go-to platform for producing professional security risk assessments and treatment plans. There’s even a free one included to get you started!
SECTARATM enables practitioners to create and complete security risk assessments quickly, simply and with methodological rigour. We incorporated data libraries to promote productivity and made sure that it was suitable for any scope and industry for the broadest utility. As you’d expect, military-grade encryption prevents unauthorised access to your sensitive data – including by developers and system administrators. Download the sample critical infrastructure (Dam) assessment, and review sample use cases further below.
Sample SECTARA™ Use Cases
The Problem
You engage a consultant to deliver a security risk assessment. While you brief them on what you want out of it, you have no idea what the end product will look like – everyone seemingly has a different approach.
Alternatively, you had a security risk assessment performed previously and don’t wish to repeat the process, but you do seek the previously identified risks and treatments to be reviewed for currency.
You may even need to just demonstrate the progressive nature of the security function to management in support of an initiative/business case, or compare sites across your organisation’s property portfolio.
The Solution
- Create an Assessor user and compel the consultant(s) to adhere to SECTARA™’s best-practice processes. In doing so you automatically prevent them from modifying your methodology and criteria. You can even supply them with a sample assessment (which is supplied within the system) to show them the level of quality that you expect.
- SECTARA™ enables you to create living assessments that can be updated at any time.
- Schedule a periodic review and require consultants to do it within SECTARA™.
- Demonstrate the logical manner in which security is managed, then showcase your results during briefings through SECTARA™‘s stunning dashboards.
The Benefits
Finally there’s a way to address the issue of consultants doing work on their own laptops and assure that assessments are not retained and shared upon completion.
A deliverable with a familiar methodology and thus an increased ability to challenge assumptions and conclusions.
Confidentiality – assessors cannot export assessments from SECTARA™.
‘Living’ assessments that are always up to date.
The Problem
You, or your network of consultants, deliver security risk assessments in MS Word/Excel for your clients. Constantly fixing formatting issues is time-wasting and each assessment drifts further from the original template, meaning a client may be happy with one but not necessarily the next.
Some assessments take way too long, it is often difficult to remember where you have stored great content from other assessments, and if you are waiting for another consultant to complete one there’s little ability to collaborate in real-time.
Further, and when you do deliver a report to a happy client, they say thanks and you may never hear from them again!
The Solution
- Assure methodological rigour on every assessment, with SECTARA’s repeatable processes.
- Use data libraries to store your best assessment content and speed the process on every assessment thereafter.
- Use impressive, interactive charts and other visuals to debrief clients.
The Benefits
Reinforce the value of partnership with your clients – you can now offer a retained service around assisting with treatment planning and reviewing/maintaining assessments so that they’re always up to date. You can simply create an organisation for your clients, and then invite them to your account as an Organisational Admin, Business Unit Admin, Assessor and/or Viewer user.
Gain absolute assurance over the work of your consultants/contractors, and even provide your client view access to a sample assessment to confirm mutual expectations. Collaborate in real-time with both your consultants and clients once underway, including through marked-up reviewer comments.
Ammortize the entire cost of your SECTARA subscription over a single assignment – if you propose the use of SECTARA in a proposal then your annual fee is already paid!
When you’re inside the tent, you’ll always be on the client’s mind when new opportunities arise. And with SECTARA, they’ll always remember your great work!
The Problem
Your suppliers are contractually bound to assess their risk (or worst case they aren’t at all), but they use different criteria to you. What you consider high risk may be low risk to them. Thus they may not have to report it to you (or manage it as you would wish) under contract.
Or perhaps you simply need the specialist input of your suppliers to understand your supply chain security risk profile. There may also be issues because your suppliers deliver events or services for only part of the year.
The Solution
- Set your organisational criteria that your suppliers will then be required to apply to their assessment(s)
- Create an assessment and define the areas that you wish suppliers to address (at minimum).
- Review the results in real time and query assumptions, risk controls and ratings.
- Have your suppliers quickly update a previous assessment during event/short-duration asignment preparation stages.
The Benefits
Standardised and structured third-party security risk assessments that quickly identify and enable you to prioritise risk.
Getting suppliers to complete their own security risk assessments, and allowing you to review them in real time, enables you to focus your resources on other assurance tasks.
A risk-based approach helps you reduce risks while monitoring compliance.
Be much better informed about what your suppliers regard as their key risks.
Improve contract obligations by requiring specific risks to be addressed.
Compare your supply chain the results with your own strategic risk profile.
This way you will always have the latest view of their risk profile.
The Problem
Current competency-based training can sometimes be overly complex when it comes to curriculum approaches to assessing assets, threats, control effectiveness and risks.
The Solution
Consider accompanying your training with SECTARA, which you can use to step students through the processes quickly and logically.
The Benefits
The process is so logical that your students will grasp it immediately.
Higher levels of competency and better practitioners.
If you also consult, and after declaring an interest, you have the ability to sign attendees to your account as clients for ongoing work, in the same way that the Security Consultants user case above recommends.
The Problem
You supply security manpower to clients. You’ve traditionally spoken in terms of solutions (patrols, numbers, routines etc.), but clients are wanting to hear about the risks that you are addressing, and thus how you justify the proposed treatments (i.e. your services).
Or perhaps you need a security risk assessment completed on a site you provide services to, but you’d normally refer the client to someone else to do this.
The Solution
- Create an organisation within SECTARA for your lead/client. Document the risk profile of their organisation (from tender documentation if it has been issued), including the assets, threats and existing controls, and then the risks as you see them.
- Propose your services as recommended treatments to the risks, and present SECTARA’s extremely logical process and stunning visual dashboards during your pitch. It will make a major differentiation from what your competitors present.
- For assessment requests by clients, carry out your own assessment quickly, and with the benefit of past details that you created for the site. If you have to bring in external expertise, create a new “Assessor” user on SECTARA and get a consultant to deliver in a familiar format, without them being able to download/keep the assessment afterwards.
- Once completed a debriefing can be conducted over the phone or WEBEX – you can even create a Viewer user so your client can log in and follow along on their own computer!
The Benefits
Presenting a risk-based justification for recommendations is a whole other conversation, one that demonstrates calculated consideration, and one that will engage your leads and clients.
You’re now ahead of your most progressive competitors – last we looked none are using their own systems that come anywhere near SECTARA, if they are talking in risk-terms at all.
Key Global Security Risk Management Standards
7
SECTARA™'s Level of Alignment with each
100
SECTARA™ aligns to International Best Practice for Security Risk...
- ISO 31000 – Risk management …
- Standards Australia’s Handbook 167 – Security risk management …
- ISO 27005 – Information security risk management …
- Universal Security Management Systems Standard 2017 …
- Security Risk Management Body of Knowledge …
- National Institute of Standards and Technology (NIST) Framework …
- Australian Government Protective Security Policy Framework …
Why SECTARATM?
There are a lot of reasons to like SECTARATM - we've included a list of the key ones below.
We offer a full-function Free Trial – start assessing for free.
Export assessments and treatment plans to MS Word/Excel.
SECTARA™ can be white labelled so you can apply your own logo.
SECTARA™ pricing includes 10% off for annual subscriptions.
No configuration is necessary – simply log in and start assessing.
Secure and hosted within a Government accredited data centre.
Simple internal and external collaboration with stakeholders.
Five user types – you have complete control of who does what.
Step-by-step, in-product guided tours for user onboarding.
No more enterprise spend on annual/biannual security risk assessments.
A detailed Knowledge Base and support is available to all subscribers.
Consultants can use SECTARA™ for a retained service offering.
