Information risk management and security specialist Invictis has announced the launch of its Invictis Risk Score (IRS) service: a rapid comparative risk benchmarking service using proprietary methodology and complex mathematical algorithms to generate a comprehensive security profile of any given enterprise.
Offered in three incremental stages, IRS enables large and medium-sized businesses to understand their ‘security posture’ within the context of their industry and beyond.
Internal and external factors – including security standards, legislation, regulation and Best Practice – are used to determine the Risk Score of the business and generate comparative data that can be used to identify potential areas of under- or over-investment, justify expenditure, focus resources and determine the effectiveness of future business strategies.
IRS consists of a no-fee initial qualitative and quantitative assessment of the overall risk posture based on multiple-choice questionnaires.
A web-based front-end collates internal and external audit information while sophisticated back-end processes take into account additional horizontal and vertical sector-specific factors including compliance requirements and cyber threats.
Key areas examined include the philosophical approach to information security, risk appetite, strength and completeness of security policies, certifications and accreditations, specific business activities, internal security awareness, the thoroughness of educational programmes, use of technical controls, testing and validation regimes and planned projects.
In practice, a dynamic mathematical risk model computes and processes the results to generate a Risk Score indicative of the security posture of the enterprise in a real-world context.
Three-stage model
IRS is delivered in three stages. Stages 1 and 2 are offered free of charge while Stage 3 is a subscription-based service which benefits from a quarterly report and alert service.
Qualitative: a rapid ‘traffic light’ indicator of the risk posture of the organisation, highlighting areas requiring attention
The traffic light indicator represents an evaluation of risk at one point in time, and participants are invited to reassess periodically to take account of both frequent updates to the IRS model as well as internal developments in policy, process or security architecture
Quantitative: awards a numeric Risk Score from 1-100 according to the company’s standing within a given sector, and incorporates a more thorough assessment of the areas identified in Stage 1
Comparative Risk Benchmarking: offers a comparative benchmarking service by comparing the IRS Risk Score with the performance of peer groups and competitors
Subscribers benefit from a quarterly reassessment delivered as a comprehensive report which acts as an independent, cost-effective and ongoing means of measuring and assessing risk
Incident alerts are triggered to prompt reassessment in the wake of significant changes to the regulatory or threat landscape
Business advantages for the end user
IRS confers a number of business advantages. For example, by allowing the enterprise to rank its effectiveness and ensure the security budget is in line with sector levels, it’s possible to identify potential areas of under-investment and over-expenditure, target resources and focus spend.
The data also allows the enterprise to justify future expenditure in a changing threat landscape or in the light of emerging security standards, legislation or regulation, for example, any of which could negatively impact the Risk Score.
Moreover, the comparative analysis can inform business development, enabling the enterprise to understand the risk environment of an adjacent market or as part of the due diligence carried out during mergers and acquisitions.
“Industry bodies, such as Intellect, have been calling for a means to benchmark information risk for some time now, and IRS presents a vendor-independent, product-agnostic means by which organisations can quickly and effectively do exactly that,” explained Richard Walters, CTO for Invictis, when in conversation with SMT Online.
Management team full of experience
For his part, Walters boasts an intimate understanding of the complex relationships between risk management, standards, regulations and legislation such as ISO/IEC 27001/2, PCI DSS and the Data Protection Act.
Walters has a 25-year career history behind him in the IT sector. He spent six years at CTO at Integralis, as well as three years in the same role at Overtis. Walters is now supported at Invictis by co-founder Steve Smith and Anthony Franks, who’s part of the senior leadership team.
A start-ups expert, Walters created security validation services which generated euro 1m revenue in 12 months and doubled high-margin managed services revenues in only two years for Integralis. He was directly responsible for strategy and driving early revenue for several vendors, many of whom were acquired, including entercept, NetworkICE, Cybersafe and Foundstone.
Smith was founder of Kudos Marketing, an IT specialist marketing and PR concern. Here, he delivered strategic and tactical marketing for companies such as PGP Corporation (specifically its launch into Europe), SecureTest (which was acquired by NCC), Blackspider, Websense, Overtis and Integralis (Europe’s largest security services company).
As marketing director of UC specialist Cisco partner ABSNet, Smith was responsible for creating its security services division and the rebranding and marketing development of ABSNet. His input helped revenues double and profits to increase by 300%. The company was eventually sold to Capita for GB pound 13.6 million in under two years.
Anthony Franks OBE served as a lieutenant colonel in the British Army, and was head of military intelligence and security in Cyprus. On leaving the forces, Franks became managing director of intelligence in Kroll Security International working with clients in highly complex and hostile markets.
Franks writes and advises extensively, especially in the fields of operational, business and political risk and physical security integration. He’s currently security and risk director of Mars Omega, an international business that delivers command, control and knowledge consultancy to businesses operating in complex environments, and is a director at Invictis.
Budgets are tight, resources need to be focused
“IRS allows an organisation to really grasp where they stand in their industry and how they compare with peers and competitors,” added Walters.
“That kind of data is invaluable in today’s market where budgets are tight and resources and future investment need to be focused. It’s also invaluable in view of the cyber threat which is becoming more of an issue, with sophisticated attacks specifically targeting individuals and the Boards of companies in particular sectors.”
IRS complements the existing range of security project and subscription services offered by Invictis (including IRIS, a risk intelligence service which provides sector specific commercial, geo-political and cyber threat insights and ITRA, an intelligent assessment service which identifies vulnerable assets, the threats posed to them and the impact of a compromise to establish the level of protection or mitigation required).
To take an IRS assessment please visit: http://www.invictis.com/services/IRS (a dedicated link is provided at the foot of this page)
Further information on Invictis
Invictis take an objective intelligence-led, business-driven approach to information risk management. By delivering comprehensive, product-agnostic services that identify, orientate, benchmark and manage risk within a given threat environment, the company offers a context-based approach to security.
Understanding both the challenges and opportunities associated with the storage, transmission and use of an enterprise’s key asset – its information – Invictis always strives to identify and mitigate the cyber threat without impact to legitimate operations.
Headquartered in the UK, Invictis delivers its expertise to clients throughout Europe, the Middle East and Africa.
Further information is available on the website (click the dedicated link below)
