PALO ALTO, Calif. — HP today announced new consulting services to help clients make rapid, data-driven decisions about the management information-security risk across their organizations.
The new HP Security Metrics Services offer a patent-pending methodology and framework to more clearly demonstrate the potential that a security incident might have on business objectives.
HP Security Metrics Services utilize an organization’s existing sources of security data, set parameters that give stakeholders a clear alert when their business objectives are at risk, and enable them to determine their overall risk posture. When threats or incidents impact stakeholder objectives, users can quickly identify the source of the risk and make timely decisions to address the threat.
Most organizations today are not able to proactively address security risks before impacting their business. This is due to the lack of necessary visibility into key security data and alerts that can help organizations determine the level of potential risk to their business.
In spite of this, a recent survey conducted by the Ponemon Institute found that 75 percent of respondents indicated that metrics are “important” or “very important” to a risk-based security program.(1)
“Security risks are getting harder for organizations to navigate, and point-solution defenses are no match for the adversaries,” said Arthur Wong, senior vice president and general manager, Enterprise Security Services, HP. “By aligning information-security data with stakeholder business objectives, HP Security Metrics Services help transform organizations to a consistent, measurable and proactive security posture to make informed risk decisions and justify security spending.”
The new HP Security Metrics Services allows businesses to:
- Identify security risk indicators through cutting edge framework
By utilizing a simple, clear framework that links IT assets to 34 identified key risk components, organizations can prioritize their business objectives and processes and correlate them to threats, vulnerabilities and incidents. These components are underpinned by a predefined library of security data sources, which specifies how the data is gathered and used to provide ongoing business-related risk information.
Using this framework, changes in risk indicators will alert stakeholders to see which risk component category has triggered the change. Once the category has been identified, stakeholders can drill down into the associated higher-level reporting, trending, information dashboard and data layers to investigate causes of the changed risk-indicator status. - Manage risk by leveraging at-a-glance security incident alerts
HP Security Metrics Services leverage the HP Executive Scorecard software application to display critical business objectives in a user-friendly dashboard. This allows for quick, at-a-glance security incident alerts that enable users quickly to obtain additional detail, including processes and assets prioritized by their risk status.
HP Security Metrics Services use the HP Executive Scorecard coupled with patent pending methodology and framework to help clients:
- Deepen executive-level security engagement by demonstrating how specific security risks imperil business objectives.
- Reduce risk exposure and minimize security incident damage by alerting key stakeholders to risks, enabling them to take timely and effective action.
- Assist regulatory compliance with better incident reporting as well as trends in threats and vulnerabilities that may affect compliance.
- By providing identifiable links among security management activities, supporting resources and business objectives, support investment decisions and track results achieved from security investments.
HP’s premier Americas client event, HP Discover, takes place June 10-12 in Las Vegas.
Availability
HP Security Metrics Services is available immediately worldwide.
(1) Ponemon, “The state of risk-based security management,” July 2013.
This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance, market share or competitive performance relating to products and services; any statements regarding anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the need to address the many challenges facing HP’s businesses; the competitive pressures faced by HP’s businesses; risks associated with executing HP’s strategy and plans for future operations; the impact of macroeconomic and geopolitical trends and events; the need to manage third-party suppliers and the distribution of HP’s products and services effectively; the protection of HP’s intellectual property assets, including intellectual property licensed from third parties; risks associated with HP’s international operations; the development and transition of new products and services and the enhancement of existing products and services to meet customer needs and respond to emerging technological trends; the execution and performance of contracts by HP and its suppliers, customers, clients and partners; the hiring and retention of key employees; integration and other risks associated with business combination and investment transactions; the execution, timing and results of restructuring plans, including estimates and assumptions related to the cost and the anticipated benefits of implementing those plans; the resolution of pending investigations, claims and disputes; and other risks that are described in HP’s Annual Report on Form 10-K for the fiscal year ended October 31, 2013, and that are otherwise described or updated from time to time in HP’s Securities and Exchange Commission reports. HP assumes no obligation and does not intend to update these forward-looking statements.