Customer Login Free Trial

Resources

SPM Overview

document thumbnail

“Using Risk Communicator, we were able to visually communicate our 3rd party risks”

- Insurance Industry Customer

Risk Communicator Teaser

video thumbnail

Risk Communicator Overview

video thumbnail

Risk Whitepaper

document thumbnail

“I couldn't have built my risk program without Risk Communicator.”

- Financial Services Customer

Third Defense Risk Communicator

Third Defense Risk Communicator is part of the Third Defense Suite. Review the data sheet on the right for more information or sign up for an instant 30-day trial. Risk Communicator is a versatile tool for managing risk across IT and security. The following scenario focuses on IT Security prioritization and budget justification. The workflow is similar whether you're evaluating risks associated with cloud computing, mobile devices, or conducting a compliance assessment.

The Problem

The IT Security budgeting adventure is one of the more challenging and rewarding experiences in IT. CSO’s must demonstrate value, manage risk to an acceptable level, and facilitate business-driven decisions with stakeholders.

The Solution

Speed, consistency, proven workflow, and executive-ready reporting enable Risk Communicator to reduce the time and effort to prioritize and justify security investments.

Is Risk Communicator part of a GRC suite? Definitely not. Our focus is evidence-based prioritization to improve business decisions. GRC tools can be an effective solution to manage policy and compliance workflow. Risk Communicator sits between the GRC processes of assessing risk, and how security teams get the resources to address them.

Benefits

  • Reduce Business Case Preparation Time: 3x ROI delivered through time savings.
  • Compelling Visuals: communicate the value of security investments.
  • Demonstrate Compliance: clearly show Auditors and Stakeholders how security decisions are made in context of the business.

Product Overview

Since security teams approach risk and investment prioritization differently, Risk Communicator distills the process into a standard workflow:

  1. Build Assessment

    Identify risks across your assessment scope and document your current control effectiveness. To streamline this step, Risk Communicator contains a repository of templates covering IT, security, compliance, and emerging technology areas.

  2. Prioritize Risks

    Choose the right level of detail for your audience. Risk Communicator offers an innovative drag-drop ability to move risks across the standard Impact/Likelihood Heat Map. For detailed or controversial risks, Risk Communicator includes a detailed framework to facilitate debate, organize your evidence, and consistently prioritize risks. As appropriate for your organization and assessment, Risk Communicator also includes a Quantified Impact Plot to visually communicate the Expected, Best, and Worst case impacts across risks.

    Third Defense Risk Map
  3. Define Projects

    Risk Communicator provides a simple approach to associate costs with value in terms of risk reduction. The benefit is communicating the optimal pace of project investment.

  4. Justify Spend

    Risk Communicator provides a consistent approach to incorporate risk, business importance, and IT's capability to execute projects. This combined Business Value Score facilitates an objective discussion about the costs and benefits of investment priorities. Risk Communicator provides graphical views showing the residual risk from out of budget investments and demonstrates the value of projects in budget, addressing leading questions such as, "when are we done?" and "what is the business getting from the investment?"

    Risk Communicator Budget Map
  5. Track Progress

    After mitigation projects have been initiated, it is necessary to track and communicate their status. For project tracking, Risk Communicator provides an intuitive interface with an interactive project status map.

    Third Defense Risk Register Project Tracker
  6. Reporting

    No spreadsheet mastery required. Risk Communicator exports all risk details, investment information, and interactive visuals to a rich text file which can be opened in Microsoft Word, and content may be copied to standard presentation applications as needed. Risk Communicator also offers a .csv export to download all information for customer analysis.

Security of Your Data

As security professionals, we want you to understand how we design our applications to protect your data. Customer information is encrypted both in transit and when stored on the server. In transit, we use SSL with strong ciphers and keys of at least 128 bits. On the server, we use AES with 256 bit keys. Each customer has a unique master key used for encrypting and decrypting data, and this key is encrypted using each user's credentials before being stored in the database. Therefore it is impossible for third parties to read any data even with full access to the live database. Additionally, we will gladly answer any security-related questions you may have about the application or its infrastructure. If you require a third-party security report, we will arrange for one to be delivered to you as soon as possible.

How to Subscribe

Access to the Third Defense Suite is granted on an annual subscription. Please contact sales@thirddefense.com to subscribe or sign up for a free trial. Further, if you're not satisfied with the Third Defense Suite, we'll refund your annual subscription at any time. Customer satisfaction is paramount to our mission and philosophy.