allgress high level presentation

© 2009 ALLGRESS, INC. 1ALLGRESS, INC.2600 Kitty Hawk Road Suite 109 Livermore, CA 94551 www.allgress.com∙ ∙ ∙

ALLGRESS: THE INTERSECTION OF BUSINESS RISK AND IT SECURITY.APRIL 12, 2023


© 2009 ALLGRESS, INC. 2

What if you could…

• Gain a measureable ROI for IT Security investments?

• Demonstrate and communicate the business value of security investments to executives?

• Measure, balance, and align the cost of security with business needs?

• Understand IT security risks as you make strategic and tactical business decisions?

• Get credible support from IT for spending requests?

• Provide fact-based rationalization for IT security investments to C-level staff?

• Have a common framework to use with colleagues to understand risks and rewards around important company business decisions?

• Establish, track, and mitigate an IT security profile in real time?

• Contribute to company risk management planning with your own IT Security specific “what if” scenarios?

Easily and cost effectively…



The Ideal Solution

• Provides evidenced based insight into the unknown’s of IT security

• Purpose-built platform that draws on the applications already in place

• Has key information readily available to align security with overall corporate objectives

• Reduces the cost of compliance efforts

• Can normalize data feeds

• Will map numerous standards

• Fast time-to-value, affordable, and quick to implement



Solution Focused Deliverables

• Executive meeting preparation and budget justification

• Asset/Data Classification

• Internal pre-assessment and Risk Posture

• Security spend prioritization

• Product purchase prioritization

• Acquisition Risk Analysis

• Third Party Assessment Management

• Compliance Audit Readiness

• Audit Mitigation Project Management



The Strategy Dashboard for CISO’S

• Compliance

• Short & Long Term Strategy

• IT Security Investments

• Programs & Priorities

• Budget


Monitor risk assessment and mitigation projects across the organization from one central command post.

Manage assignments, updates, and approval tasks.

Capture and retain pertinent documentation.

Monitor &Manage Assessment Projects


The Assessment Scoreboard provides a company-wide view for a particular standard based on assessment results.

Color coded wedges indicate domains where the organization is and is not compliant.

By clicking a wedge…

Powerful Summary Dashboards


…drills down into the details for each domain. You can see at a glance which business units are compliant and which are not.

Mitigation of noncompliant controls can be tracked in ASLM.

Drill Down Details

Have the facts on risk side of risk/reward to support appropriate decision making


ASLM offers a wide range of standards to measure compliance with mappings across standards included.

Compliance in one area also maps to compliance in several others.

Custom standards can also be included.

Rich Out-of-the Box Expertise


ASLM offers a wide range of standards to measure compliance with a normalized scoring system across standards.

Organizations with multiple regulatory reporting requirements benefit from the scoring system.

Custom standards can also be included.

Normalized Scoring Across Standards


Analyze current risk posture to help prioritize future IT compliance spending targets.

Perform trend analysis to see how different parts of the organization are performing over time.

Comparative Risk Analysis

Compare risk positions by business unit or by asset type


View assessment gap analysis: comparing collective results and showing progress toward compliance.

With data you already have.

Compliance Assessment Targets and Status

allgress high level presentation

Technology

compliance assessment

cost of security

assessment results

security risks

risk posturesecurity

risk positions

factson risk

security profile