This document discusses an ideal IT security solution that would help organizations: 1) Measure ROI for security investments and demonstrate business value to executives. 2) Understand security risks as part of business decisions and get support for spending. 3) Provide fact-based justification for security spending and establish a security profile to contribute to risk management planning.

3. Have a common framework to use with colleagues to understand risks and rewards around important company business decisions?

4. Establish, track, and mitigate an IT security profile in real time?

5. Contribute to company risk management planning with your own IT Security specific “what if” scenarios?Easily and cost effectively…

6. The Ideal Solution Provides evidenced based insight into the unknown’s of IT security Purpose-built platform that draws on the applications already in place Has key information readily available to align security with overall corporate objectives Reduces the cost of compliance efforts Can normalize data feeds Will map numerous standards Fast time-to-value, affordable, and quick to implement

7. Solution Focused Deliverables Executive meeting preparation and budget justification Asset/Data Classification Internal pre-assessment and Risk Posture Security spend prioritization Product purchase prioritization Acquisition Risk Analysis Third Party Assessment Management Compliance Audit Readiness Audit Mitigation Project Management

8. The Strategy Dashboard for CISO’S Compliance Short & Long Term Strategy IT Security Investments Programs & Priorities Budget

9. Monitor &Manage Assessment Projects Monitor risk assessment and mitigation projects across the organization from one central command post. Manage assignments, updates, and approval tasks. Capture and retain pertinent documentation.

10. Powerful Summary Dashboards The Assessment Scoreboard provides a company-wide view for a particular standard based on assessment results. Color coded wedges indicate domains where the organization is and is not compliant. By clicking a wedge…

11. Drill Down Details …drills down into the details for each domain. You can see at a glance which business units are compliant and which are not. Mitigation of noncompliant controls can be tracked in ASLM. Have the facts on risk side of risk/reward to support appropriate decision making

12. Rich Out-of-the Box Expertise ASLM offers a wide range of standards to measure compliance with mappings across standards included. Compliance in one area also maps to compliance in several others. Custom standards can also be included.

13. Normalized Scoring Across Standards ASLM offers a wide range of standards to measure compliance with a normalized scoring system across standards. Organizations with multiple regulatory reporting requirements benefit from the scoring system. Custom standards can also be included.

14. Comparative Risk Analysis Analyze current risk posture to help prioritize future IT compliance spending targets. Perform trend analysis to see how different parts of the organization are performing over time. Compare risk positions by business unit or by asset type

15. Compliance Assessment Targets and Status View assessment gap analysis: comparing collective results and showing progress toward compliance. With data you already have.