SECURITY RISK MANAGEMENT SOFTWARE
Co-designed by the author of the industry-acclaimed Security Risk Management Body of Knowledge (SRMBoK), SECTARA is the go-to tool for producing professional assessments and creating treatment plans. Field-level encryption also means that nobody, including our developers, admins or anyone else, can see your sensitive data.
SECTARA enables those responsible for security risk assessments to create and complete them quickly, simply and with methodological rigour. We incorporated data libraries to assure productivity gains and made sure that it was suitable for any scope and industry to ensure the broadest utility for subscribers. The use cases below highlight several ways you might use it.
Sample SECTARA Use Cases
You engage a consultant to deliver a security risk assessment. While you brief them on what you want out of it, you have no idea what the end product will look like – everyone seemingly has a different approach.
Alternatively, you had a security risk assessment performed previously and don’t wish to repeat the process, but you do seek the previously identified risks and treatments to be reviewed for currency.
You may even need to just demonstrate the progressive nature of the security function to management in support of an initiative/business case.
- Create an Assessor user and compel the consultant(s) to adhere to SECTARA’s best-practice processes. In doing so you automatically prevent them from modifying your methodology and criteria. You can even supply them with a sample assessment (which is supplied within the system) to show them the level of quality that you expect.
- SECTARA enables you to create living assessments that can be updated at any time.
- Schedule a periodic review and require consultants to do it within SECTARA.
- Demonstrate the logical manner in which security is managed, then showcase your results during briefings through SECTARA’s stunning dashboards.
You, or your network of consultants, deliver security risk assessments in MS Word/Excel for your clients. Constantly fixing formatting issues is time-wasting and each assessment drifts further from the original template, meaning a client may be happy with one but not necessarily the next.
Some assessments take way too long, it is often difficult to remember where you have stored great content from other assessments, and if you are waiting for another consultant to complete one, there’s little ability to collaborate in real time.
Further, when you do deliver a report to a happy client, they say thanks and you may never hear from them again!
- Assure methodological rigour on every assessment, with SECTARA’s repeatable processes.
- Use data libraries to store your best assessment content and speed the process on every assessment thereafter.
- Use impressive, interactive charts and other visuals to debrief clients.
Your suppliers are contractually bound to assess their risk (or, in the worst case, they aren’t at all), but they use different criteria to you. What you consider high risk may be low risk to them. Thus they may not have to report it to you (or manage it as you would wish) under contract.
Or perhaps you simply need the specialist input of your suppliers to understand your supply chain security risk profile. There may also be issues because your suppliers deliver events or services for only part of the year.
- Set your organisational criteria that your suppliers will then be required to apply to their assessment(s).
- Create an assessment and define the areas that you wish suppliers to address (at minimum).
- Review the results in real time and query assumptions, risk controls and ratings.
- Have your suppliers quickly update a previous assessment during event/short-duration assignment preparation stages.
Current competency-based training can sometimes be overly complex when it comes to curriculum approaches to assessing assets, threats, control effectiveness and risks.
Consider accompanying your training with SECTARA, which you can use to step students through the processes quickly and logically.
You supply security manpower to clients. You’ve traditionally spoken in terms of solutions (patrols, numbers, routines etc.), but clients are wanting to hear about the risks that you are addressing, and thus how you justify the proposed treatments (i.e. your services).
Or perhaps you need a security risk assessment completed on a site you provide services to, but you’d normally refer the client to someone else to do this.
- Create an organisation within SECTARA for your lead/client. Document the risk profile of their organisation (from tender documentation if it has been issued), including the assets, threats and existing controls, and then the risks as you see them.
- Propose your services as recommended treatments to the risks, and present SECTARA’s extremely logical process and stunning visual dashboards during your pitch. It will make a major differentiation from what your competitors present.
- For assessment requests by clients, carry out your own assessment quickly, and with the benefit of past details that you created for the site. If you have to bring in external expertise, create a new “Assessor” user on SECTARA and get a consultant to deliver in a familiar format, without them being able to download/keep the assessment afterwards.
- Once the assessment is completed, a debriefing can be conducted over the phone or WEBEX – you can even create a Viewer user so your client can log in and follow along on their own computer!
Key Global Security Risk Management Standards
SECTARA's Level of Alignment with each
SECTARA aligns to International Best Practice for Security Risk...
- ISO 31000 – Risk management …
- Standards Australia’s Handbook 167 – Security risk management …
- ISO 27005 – Information security risk management …
- Universal Security Management Systems Standard 2017 …
- Security Risk Management Body of Knowledge …
- National Institute of Standards and Technology (NIST) Framework …
- Australian Government Protective Security Policy Framework …