Risk, Incident and Audit Management
Auditing & IT-Risk Management
Risk, incident and audit management in brief
We provide a suite covering risk, incident and audit management. In terms of agility and ease of deployment, our system is a strong competitor to big and not-so-agile systems such as RSA Archer. Our solution is suitable for any industry, and it requires neither major deployments nor training or certification. The solution fits both business and IT needs.
The descriptions of the system below should be seen as examples and practical recommendations only: the system is configured to suit each customer’s individual needs, and the necessary instructions and training materials are customized at the same time.
What Mint Security delivers
Our goal is to eliminate the need for separate applications and to link logically related items that have traditionally been handled separately. All parts of the management system can also be implemented separately.
Using the system eliminates the reporting problems associated with, for example, Excel: because the items are registered in the system, various compilation reports are generated automatically. We implement complete dashboards for our customers and, in addition, they have access to extensive search capabilities which cover the entire platform. Efficient and easy-to-compile reporting enhances productivity.
The technical implementation of the solution is based on the Atlassian JIRA system. Many companies already use JIRA, which means that the threshold to adopt the instructions for use and to deploy the system is very low. The risk, incident and audit management can be done either in a transparent or a more protected way, depending on the access rights defined in JIRA. Access right and privilege management is linked to the company’s user directory, possibly to existing roles.
To sum it up:
- We remove the need for separate applications
- We link items that are logically related but have traditionally been treated separately
- We remove the need for separate documentation
- We improve reporting
- We increase transparency and efficiency
Customer needs and challenges to be solved
A challenge for risk management and risk registers is how to implement them efficiently within the organization. Often risk management is a task that the management or a risk management unit runs once or twice a year. Risk management is effective only when it is put into practice at the grassroots level in the organization. At the grassroots level, “micro risks” can be fed into the system, and then the information is aggregated to a higher level of abstraction, eventually reaching the highest ERM level.
More details about our methods and tools
System components
The illustration below shows the roles that operate in the system, as well as the information produced and maintained by each entity. The quarter at the bottom right of the picture is optional – for those companies who are already directing their IT and project work with JIRA.
Implementation
Implementation is always customer-specific, so below is a description of a typical implementation and deployment procedure:
- JIRA and necessary add-ons are installed
- The customer specific fields and their values are defined
- A risk register is configured
- Risk workshop – the risks are entered into the register
- Past incidents are fed into the system
- One audit is planned
- The instructions are modified to fit the organization and the users are trained
What can the system look like?
The picture below shows the main risk screen. In addition, the system comes with pre-configured screens for incidents as well as for audits and workshops. We present all this in our demo sessions.
Drawing on our experience, we have collected ready-made risks for the risk register. Risks are always company-specific, but in risk workshops you get to productive work very quickly by using ready-made templates and ideas.
Our risk register template covers, for example, the following areas:
- Facility risks
- Cloud risks
- Software development risks
- GDPR risks
- Business risks
JIRA is an advanced issue management system that can be configured very freely to match the process at hand and the information related to it. JIRA is a cost-effective solution and it works both on-premises and in the cloud. JIRA is a widely adopted, well-supported platform under continuous development.
The JIRA platform integrates with many different systems. Listed below are the integrations that are most essential from our point of view, and from which the risk, incident and audit management system benefits in particular.
- Veracode
- HackerOne
- Splunk
- NCSC-FI VULNERABILITIES SUMMARY e-mails
- ZenDesk
- ServiceNow