“Not only did the

Agiliance solution

alleviate some

immediate pain through

automation of the

seemingly never-ending

list of compliance

assessments, I believe it

will ultimately help us

implement a proactive

and cost effective risk

management strategy.”

— Shane Fuller, Information Security & Compliance Manager, RSA Insurance

Agiliance RiskVision 4.0IT Risk Management and Compliance Automation Platform

Agiliance RiskVision™ is a complete IT risk and compliance management system designed to help organizations keep pace with the expanding requirements of IT compliance and operate at their highest level of performance. With powerful risk management and automation capabilities, companies can reduce compliance related costs by up to 70% and improve oversight of IT compliance initiatives. Our integrated IT risk and compliance management platform is being used by some of the world’s largest companies to solve their most pressing issues including business continuity management, vendor risk management and compliance management.

SOLUTION BENEFITS • Delivers real cost savings: Agiliance RiskVision supports repeatable, sustainable controls monitoring, testing and reporting processes to reduce compliance related costs by up to 70%.

• Streamlines existing compliance processes: The product helps businesses reduce time to compliance by up to 80% and maintain ongoing compliance with mandates without invasive and expensive overhauls of IT infrastructure.

• Improves risk management efforts: Agiliance RiskVision supports an “always-on” proactive approach to risk management that helps companies gain enterprise-wide visibility into risks and reliably report on current IT risk exposure.

• Supports effective governance: Agiliance RiskVision allows organizations to measure and report on the effectiveness of risk and compliance initiatives, better align IT strategy with strategic business goals, optimize existing security investments and IT resource usage. This combined with advanced risk methodologies and dynamic modeling allows businesses to make risk-informed strategic decisions.

• Rapid deployment and long term ROI: Agiliance RiskVision was built from the ground up as a standards-based product that supports the extensibility, reliability and usability requirements of today’s enterprise. The solution accelerates time-to-deployment with advanced configurability features and extensive interoperability with third- party applications.

BUSINESS CHALLENGESuccessfully balancing today’s risk management, cost reduction and compliance equation can be a difficult feat. As security incidents and new regulations continue to grow in number and complexity, businesses often find themselves diverting precious staff time and operating budget away from growth supporting initiatives to reactive activities such as regulatory audits.

As demands to control the bottom line increase and regulators become even more aggressive, over-investing in compliance-related programs can negatively impact a company’s ability to fund future growth initiatives. For businesses that want to break out of the current inflated threat and compliance-driven spending model to develop a more resilient and cost-effective IT risk management process, Agiliance RiskVision

helps businesses strategically manage compliance demands and allocate IT budget and resources based on business objectives.

AGILIANCE RISKVISION OVERVIEW Agiliance RiskVision arms companies with an efficient, repeatable and continuous process for IT compliance and risk management. It provides complete visibility into current risk status and delivers the accurate intelligence and analytics required to ensure informed business decisions based on risk posture can be made with ease and confidence.

RISK MANAGEMENT DATABASE Agiliance RiskVision is the only product on the market that features a unified Risk Management Database (RMDB) that automatically aggregates and correlates data and controls across systems, people and processes as well as controls from standards,

“Agiliance RiskVision

is purpose-built from

the ground up to

what it is intended to

do – provide IT-GRC

management. Since it

is not a suite of glued

together products, it

does not need to be

integrated to work.

From the beginning,

sophisticated risk

intelligence and

management went

into the product.”

— Peter Stephenson Senior Editor SC Magazine

frameworks, policies and regulations – out-of-the-box without the need for custom development – to serve as a single authoritative source of IT risk from IT and non-IT entities.

Provides authoritative source of IT risk. Agiliance RiskVision collects risk data from non-IT entities like people, vendors, and processes using web-based e-surveys and automatically imports risk data from a wide range of IT, security and compliance assets. Streamlines compliance efforts across multiple regulations and best practices. Agiliance RiskVision ships with a content-rich Common Control Framework that premaps controls across over 30 regulations and industry mandates (e.g., SOX, HIPAA, PCI, GLBA, and NERC), many standard frameworks (e.g., ISO 17799/27001/27002, CobiT, and NIST SP800-53/SP800-66), 10,000+ controls and sub-controls, and 200+ key risks as well as best practices, threats, vulnerabilities and integration with live threat data feeds.

Controls are automatically mapped to entities, whether people, processes or systems, based on profiles. By providing a mapping of all policies, controls and regulatory requirements, Agiliance RiskVision automatically rationalizes controls across multiple regulations, thereby reducing overall effort and cost required to meet regulatory requirements. Unlike security automation point solutions or process-related GRC applications, Agiliance RiskVision combines data and test results from both IT and non-IT entities to dissolve organizational silos and provide an authoritative single view of IT risk across the enterprise.

ANALySIS AND WORKFLOW ENGINEAgiliance RiskVision supports an “always-on” proactive approach to risk management that helps companies gain enterprise-wide visibility into IT risks and reliably report on current IT risk exposure by transforming and linking entities, regulations, policies and controls to risk scores. With the ability to accurately monitor and report policy and compliance-related violations and track remediation efforts, business can proactively manage corporate risk.

Delivers centralized policy management. Agiliance RiskVision enables IT, risk and compliance managers to create new policies, promote policy awareness, manage policy exceptions, assess policy compliance, and view risks that may arise from non-compliance. Policies are linked to controls and can be linked to risk as well – allowing analysts to view risk of non-compliance. Complete

“Agiliance comes

out on top in terms of

risk functionality that

provides, out of the box,

the most standards-

based methodologies

for analyzing IT risks.”

— Marc Othersen Senior Analyst Forrester Research

policy authoring, review, approval and dissemination capabilities based on multi-stage workflow are built-in to the application. The product includes awareness campaigns that can be used to promote, communicate and test employees’ understanding of policies.

Automates Assessments. Agiliance RiskVision streamlines assessments using web-based e-survey questionnaires and automated workflow with the ability to import findings in multiple formats and from multiple sources. E-survey questions are automatically generated based on controls, delivered and tracked based on configurable workflow to help avoid dead-ends and project delays. Survey responders can attach evidence in the form of csv, pdf, excel or word files (e.g. structured files containing activity or time stamp data from systems such as physical access control, building management or fire protection systems for data centers) for use by auditors. Powerful project wizards allow assessment projects to be quickly initiated and easily configured using pre-defined workflows or previous

assessment projects. E-surveys can be delegated to teams or individuals and the system assures that the right people are responding to the surveys. The solution enables multiple assessment projects to run simultaneously and scales to conduct assessments on tens of thousands of entities. Provides a complete closed loop risk management system. The product provides continuous visibility into the monitoring, management and reporting of risks and controls across departmental and geographical boundaries to help eliminate silos. Agiliance RiskVision calculates current risks, inherent risks and remedial risks with operational risk scoring of controls down to the sub-control level across 10,000+ controls in the Common Control Framework. The product supports multiple risk methodologies including ISO 27005, ISO 31000, and COSO ERM and risk assessment types, such as, IT risk, ERM, KRI trending and threat models so that companies can anticipate potential threats and react appropriately.

The product automatically prioritizes IT assets such as servers, applications and network devices that need to be monitored for risk so that the most critical assets can be addressed first, e.g., those containing personal identification information, medical records or credit card information. Using

“We’re working with

Agiliance because

their product met

our key criteria

which include easy

integration with our

company’s existing

applications.”

— Oliver Eckel, Head of Corporate Security, bwin Interactive Entertainment AG

this intelligence, decision makers can be confident that budget is being wisely allocated towards the most critical assets – eliminating overspending on shotgun approaches that may add unwarranted controls across the entire IT environment.

To provide end-to-end risk management, Agiliance RiskVision automates remediation and mitigation workflows with a native ticketing system and integration with internal ticketing systems, like BMC Remedy and HP Service Center, and ensures that remediation, exception handling and delegation to teams is handled in a efficient manner.

INTELLIGENCE CENTER With intuitive risk performance dashboards and powerful analytic tools, Agiliance RiskVision allows companies to pull together the interdependent disciplines of security, compliance and risk to establish more accountable and effective IT governance without the associated high costs and inefficiencies of disparate programs. Agiliance RiskVision helps companies evolve their risk management processes by providing current and accurate visibility into how IT risk affects the entire organization and by enabling rapid, informed decision making on allocation of IT security investments and risk posture to ensure business resiliency. By combining advanced quantitative and qualitative risk analysis techniques, customers have the degree of granularity needed to make informed risk-based decisions.

Delivers dynamic risk modeling to support informed business decisions. Agiliance RiskVision delivers powerful “What-If” risk modeling capabilities to study the effects of applying specific controls before changes are made. With roles-based views, managers across the enterprise can assess the impact of various risk mitigation plans including the cost of downtime and the cost of replacing the asset to make real-time decisions about remediation versus accepting or transferring the risk. Agiliance RiskVision allows risk parameters to be expressed in dollar values, making it easy to compare the cost of controls to their effectiveness in mitigating the corresponding risks. This, in combination with powerful trending tools, allows executives to easily track and measure the effectiveness of risk and compliance programs over time.

Ships with over 150 standard templates to document compliance and communicate risks. The built in reporting capabilities help companies to efficiently meet regulatory and executive reporting requirements. With customization features and real-time data-feeds, users can create up to the minute content-rich reports for auditors and executives within a matter of minutes. The product allows users to report on compliance

“Agiliance is one of

the solutions we use

in Arizona as part of

our overall effort to

take an “always on”,

proactive stance to

security and risk so that

we can stay ahead of

evolving threats and

preserve confidence in

government services.”

— Fred Sargeson General Manager NIC- State of Arizona

status, risk status, remediation status and business ROI information based on exposure, rate of occurrence and loss expectancy.

Provides executives with accurate and up-to-date risk and compliance transparency. By normalizing and combining risk from non-compliance with regulations and standards, IT security and system automation gaps as well as process related risk, Agiliance RiskVision consolidates risk data into dashboard views that provide executives transparency into current compliance and risk status. Using roles-based views, risks can be effectively communicated across the organization using the intuitive web-based interface to display risk and compliance results in summary views by organization or business unit.

WHy AGILIANCEAs the costs and complexity of IT risk and compliance management continues to rise, Agiliance believes that customers deserve high performance solutions that completely address the IT risk and compliance demands of today and scale to meet future challenges. Agiliance RiskVision was built from the ground up as an integrated IT risk and compliance management platform that supports the automation and risk management

requirements of today’s enterprise. Agiliance solutions are highly configurable and easy to integrate so that companies can realize time to value in 45 days or less.

Our security automation and enterprise software acumen allows us to offer the capabilities customers need to support long-term risk management goals and realize up to a 70% reduction in compliance related costs. By offering market-ready “quick-start” solutions, Agiliance helps companies progress from first phase compliance projects through to robust and strategic IT risk management programs with ease and confidence.

With the industry’s most powerful risk management and automation platform, Agiliance is the company that global 2000 companies trust to solve their most pressing risk issues including business continuity management, vendor risk management and compliance management.

ABOUT AGILIANCEAgiliance offers highly-automated IT risk and compliance management software products designed to

help organizations thrive in the face of mounting pressures to manage and balance risk, compliance and

IT budgets. Global 2000 companies in the financial, healthcare, energy, government and technology

industries are leveraging the power of Agiliance software to cut compliance costs and to provide decision

makers with the current and accurate intelligence they need to better understand how IT risk affects their

entire organization.

1732 North First Street Suite 200 San Jose, CA 95112

p: 408.200.0400 f: 408.200.0401

Agiliance, Inc. www.agiliance.cominfo@agiliance.com

InnovatIve Modern archItecture• n-Tierwebapplicationsutilizing Web2.0andAjaxcapabilities• ApacheandJavastack,cross- platform,enterprisescalable• Webservicesinterfacefor connectors,reportsanddashboards

connectIvItYConfiguration Management SystemsAltirisSecurityExpressions(Symantec)BigFixBMC AtriumNetIQ SCMSymantec ESM

Vulnerability ScannerseEye RetinaHPWebInspectIBM Rational AppScanISS SiteProtectorMcAfee FoundstonenCircle IP360Nessus–TenableQualysGuardSkybox

Remediation ManagementBest Practical Solutions RTIRBMC RemedyHPServiceCenter(Peregrine)

Security Information Managers (SIM/SIEM)ArcsightEnterpriseSecurityManagerCisco MARSNetIQ Security ManagerNovellSentinelRSA enVision

Integrated Security ManagersMcAfeeePolicyOrchestratorRSADLPEnterpriseSuite(EMC)

Identity Management CA SiteMinderIBMTivoliIdentityManagerOracle Identity ManagerSun Identity Manager

Automated Controls ApprovaBizRightsPlatformOracle Enterprise ManagerSAPGRCAccessControl(Virsa)

© 2008 Agiliance, Inc. All rights reserved.