SOURCE: Prevari


April 20, 2009 09:10 ET

Prevari's Technology Risk Manager Upgrade Supports NIST SP 800-37 Revision 1

Prevari Enhances Technology Risk Manager; Enables NIST SP 800-37 and Continuous Monitoring

MINNEAPOLIS, MN--(Marketwire - April 20, 2009) - Prevari, an information risk measurement company, today announced an upgrade module for the Technology Risk Manager (TRM) product line. Prevari's TRM consumes security scan data from market-leading scanners whether OVAL, XCCDF or a proprietary format. TRM also considers implemented technical and compliance controls to provide an objective, quantitative, repeatable and defensible index of both inherent and residual risk. Once implemented, TRM provides objective comparative risk analysis between geographic networks, operational groups, or multiple systems. TRM generates simulations to highlight where additional controls may be warranted to meet specific regulatory or risk requirements.

TRM now enables all levels of management as defined in the NIST SP 800-37 Rev 1 specification Risk Management Framework. This is accomplished by providing a holistic view of the ongoing state of IT risk as illuminated by quantitative metrics to support Continuous Monitoring. Security Authorization decisions are supported with TRM's modeling and simulation algorithms and enable the Authorizing Official to make objective risk decisions relevant to their systems' current risk posture.

"Senior management struggles to continuously monitor IT risk across the organization while comparing multiple systems against their respective accreditation levels over time. Having the framework and associated tools to support ongoing risk determination and risk acceptance is critical to defending one's environment," said Frank McLallen, VP of Sales and Marketing. "We are pleased with the direction taken by NIST. Prevari's ability to align with the SP 800-37 framework by delivering objective and quantitative risk metrics, along with our modeling and simulation capability, clearly adds value to public-sector agencies," said McLallen.

Technology Risk Manager (TRM) 3.4

TRM is a scaleable software application that provides predictive analytics to enable senior leadership and technology managers to quantitatively measure information risk. TRM results are presented as the Prevari Risk Indices for Confidentiality, Integrity, Availability, and Audit. Managers at both senior and departmental levels are provided with the metrics necessary to make both strategic and tactical business decisions to improve security and manage risk -- metrics that are objective, quantitative, repeatable and defensible.

About Prevari

Headquartered in Minneapolis, Minnesota, Prevari's mission is to improve the science of information risk management. Prevari's patented predictive analytic products provide customers with state-of-the-art IT Risk Analysis and Compliance Management capability to objectively and quantitatively, measure, simulate and manage IT security risk and compliance.

Contact Information