Organizations around the globe are frustrated. They are struggling to make sense of the reams of data being churned out in today's enterprise environment. The real challenge is not only to identify what is important but also to tie this information from disparate tools into business-centric metrics, so that senior executives can understand them, take action, and be confident that the enterprise is secure. It falls to security managers to differentiate between sustainable operational metrics that help them manage and business-centric metrics that are meaningful to top management.
The foundation of Solutionary's enterprise security program design and management process, SecurCompass®, is a quantified measurement system that produces a host of security program metrics. We recognize the gap that exists between the business and technical sides of the organization, and we bridge that gap by providing a common language for communicating your security posture.
Our copyrighted Risk Quantification© (RQ) process for risk measurement is used to identify enterprise security risk areas and assign costs and likelihood of occurrence. RQ is used as the business requirements step of program design to identify and quantify security risks in financial terms, profile the organization as a target for threats, and document a security goal for the organization.
SecurCompass will provide your organization with the information you need to identify which risks really should be addressed and where your security dollars are best spent, quantifying a return on your investment. RQ:
- Involves senior management in quantifying the business risks
- Identifies general threat categories and potential outcomes as a result of negative security events
- Correlates each type of incident and associated outcome with a likelihood of realization
- Uses an annual loss expectancy (ALE) model as an analytical tool to estimate the total annual cost of potential security events to the organization
- Uses ALE modeling to provide guidance for management in determining the security goal of the organization
- Recommends the level of security spending needed to optimize the tradeoff between the potential cost of incidents and the cost of prevention for the organization
Security is like quality: the perception is that it is very difficult to measure, so most organizations don't try. The Computer Security Institute (CSI) recognized the measurement value of Solutionary's SecurCompass process and adopted it for use with their members.
The risk measurement process of SecurCompass provides you with exactly what you need for success:
- Use metrics-based reports to procure budget dollars for risk mitigation initiatives
- Garner management support for important security projects
- Take advantage of Solutionary's measurements of more than 900 organizations to benchmark your security program
- Use ROI metrics to justify larger security budgets
Download our PDF on Security Measurement, SecurCompass, and/or Risk Measurement. At Solutionary, we make security manageable.