Chief Information Security Officer

Reduce the risk of IT

If the IT landscape is not clearly defined, the Chief Information Security Officer is working in the dark. The CISO must have reliable data on applications and technologies and who is using them to be able to estimate, tackle and mitigate risk effectively.

Without this clarity, organizing assessments, prioritizing risks and implementing controls is impossible. planningIT makes all this possible, and also allows the articulation of IT risks in a form that business can understand.


Application Information Flows

The information flow view for an application shows all information flows between the current application and other applications. We can see incoming as well as outgoing information flows, and the user can drill down into the specific implementation of the interface if required. Because information flows have a life cycle, we can see not just the current interfaces but also past and future (to-be) interfaces for the application.


Linking Information Architecture and Application Architecture

While the above information looks overwhelming, it is a critical tool for the information architect and the solution / application architect. The CRUD matrix above shows all the data objects that an application accesses and manipulates. In addition, for each of the data objects, the system also shows all the other applications that either create or manipulate the data objects. In case of a data consistency or data quality problem, this view helps the user to quickly identify the potential sources of the data problem.


Inventorize your Risk Objects

The first step in a risk management process is creating a commonly accepted view of the IT scope – the object of the IT risk assessment. For application risk assessments, this means an inventory of the applications. When creating the inventory, focus on the actual needs of risk management.
