The app integrates with multiple end-point IT security and infrastructure management tools and security intelligence feeds to identify and prioritize the risk exposure for IT assets. It also provides sophisticated analytics and reports that transform raw risk data into actionable IT risk intelligence, providing clear visibility into the top risks within the enterprise. The app is certified for conformance with global accessibility standards and best practices as defined by WCAG 2.1 Level AA and Section 508. Features: Centralized Repository for Assets, Processes, Threats, and Vulnerabilities Define and maintain business entities such as IT risks, assets, threats, vulnerabilities, processes, and controls. Consolidate IT assets in a common library leveraging out-of-the-box connectors with a Configuration Management Database (CMDB) such as BMC Atrium. Map IT assets to threats and vulnerabilities along with associated details such as description, category, hierarchy, ownership, visibility, and validity. Consolidation of Threat Intelligence Monitor the threat landscape, zero-day advisories, and threat bulletins. Subscribe to RSS or email-based threat alerts from leading industry sources, and filter the alerts based on keywords. Vulnerability Consolidation and Prioritization Import vulnerability data from multiple third-party vulnerability scanning tools such as QualysGuard and Nessus. Alternatively, subscribe to RSS or email-based threat alerts from leading industry sources. Generate a combined risk rating across each asset’s vulnerability and business context. Based on the rating, prioritize vulnerability remediation strategies for optimal efficiency. Orchestrate the remediation process workflow using predefined templates and rules. IT Risk Assessments Assess, quantify, monitor, and manage IT risks in an integrated manner using industry standard IT risk assessment frameworks such as ISO 27001, FAIR, and IRAM2. Perform multi-dimensional risk assessments with support for both top-down and bottom-up approaches. Conduct advanced assessments by configuring risk scores, and ranking them using a simple risk matrix. Roll up the scores to an assessed entity or organization. Define the logic for computing both inherent and residual risk scores, and view and analyze these scores through flexible heat maps. Issue Management and Remediation Identify and document issues from IT risk assessments as well as threat and vulnerability management. Initiate a closed-loop process of investigation, root cause analysis, and remediation. Prioritize and assign resources for investigation and remediation through the underlying workflow and collaboration engine. Define an action plan, and track the remediation process to closure. For vulnerabilities, define rules to auto-detect vulnerability patterns among assets and to auto-trigger remediation of issues or incidents. Automatically route incidents from the app into BMC Remedy and ServiceNow. IT Risk Monitoring and Reporting Generate user-configurable risk reports, risk heat maps, and role-based executive dashboards which aggregate IT risk, threat, and vulnerability data for comprehensive visibility. Gain a 360-degree view of the information through the app’s data browser. Continuously monitor risk metrics and performance, as well as the organization’s threat and vulnerability posture.