SRP evaluation criteria: Tools to enable security as a process
This article is part of the July 2003 issue of Information Security magazine
In the July 2003 Information Security magazine cover story, IT risk assessment: Using security resource planning products to improve, we evaluated three security resource planning (SRP) products based on the key criteria listed below.

Framework/approach. Each SRP vendor has a different framework and varied approach to managing risk. The usage and processes that map inherently to the application will help the organization integrate a solution into its environment to evaluate risk levels, apply controls and remediate vulnerabilities.

Risk measurement. Measuring risk, even in a basic way, allows enterprises to identify those areas that require protection and prioritize the workload. Vendors should provide some level of risk measurement, whether it's at a general level (high, medium, low) or more quantitative and specific. Measurement aids in risk evaluation and follow-up assessment of remediation activity.

Content and knowledge management. The ability to capture and distill public security information--alerts, patch updates, etc.-...