Citicus ONE R3.2
June 23, 2010
- Strengths: Strong business policy, compliance and regulatory risk management tool. Great reporting.
- Weaknesses: Interface was very busy. Not strong on remediation recommendations.
- Verdict: Good risk picture with dependency map. Strong built-in control/regulatory framework.
Citicus ONE establishes an efficient and continuous process for measuring and managing information risk and compliance across the organisation. It helps establish the criticality of business systems and IT infrastructure and tracks how the measured risk compares with the defined acceptable level.
It also monitors compliance with internal policies, regulatory standards and legislation. Built-in control frameworks include ISO 27001, PCI DSS, ISF, ITIL SoGP, CobiT, SOX and Basel II. Additionally, any local policies and regulations can be readily imported. We were impressed with the capability of the tool to map an identified risk right down to the individual requirement in the policy document.
Citicus ONE uses web-based data collection forms, including asset criticality assessments and risk scorecards underpinned by detailed threat and vulnerability checklists. These ensure that objective and consistent data is recorded, identifying risks to business applications, IT infrastructure and outsourced services. The tool and the supplied content for developing the criticality assessments were very powerful.
Reporting is provided at multiple levels from owners of individual assets on the ground to top management who require an overview of risk and compliance for a business unit or the entire enterprise.
Reports include dashboards, risk and compliance league tables, heat maps, trend reports and risk dependency spider maps. These were very useful in linking the various elements of the risk to the critical resources. The spider map links the five risk factors of control weakness, special circumstances, business impact, level of threat and criticality in graphical fashion.
Remediation planning is supported through recording risk and compliance issues and the specific action required to resolve these. Actions can be assigned to individuals, costed and tracked to completion.
Citicus ONE is offered as a hosted SaaS subscription or as a deployed software solution. The deployed solution has a SQL Server back end with an IIS/.NET front end. An automated installer installs and configures the initial product. Support on an 8/5 basis is provided for the first year and includes phone and email access.
This solution provides a lot of content and capability for the price in the business risk space.