MILFORD, CT - October 24, 2006 A uniquely powerful self-assessment and security planning tool for financial services institutions was announced today by Perimeter, the only provider of complete e-security on demand. In a twenty-minute online session, the powerful RiskProfileTM system helps IT and technology executives align security plans and spending with the business risks of their institutions, and provides valuable data benchmarking the user's results against other institutions.
The no-obligation service is free through December 31 to help build the largest possible industry database. Initial system templates and processes are tailored to banks and credit unions, including preset, adjustable templates for five types of institutions from the smallest to billion-dollar, multi-branch firms.
A wide range of security and financial services industry experts have co-developed the new planning tool, including Federal and industry regulators from several agencies, outside security professionals, bank security officers and a dozen top security professionals at Perimeter. More than two years in development, the Risk Profile system is built atop industry best practices gleaned from Perimeter's own decade of experience providing e-security to nearly 2,000 financial institutions.
By yearend, RiskProfile is expected to aggregate and assess security processes at more than 1,000 institutions, providing the first industry-wide, statistically significant benchmark for comparison of industry security practices. In 2007, the system will deliver peer-to-peer benchmarking as well as detailed reporting, progress tracking of individual institutional improvements and comparisons to best practices. The program expands to other industries in 2007.
Aligns security needs with business risks
"With hundreds of different security technologies available today, businesses often don't know where to start. As a result they often spend money on the wrong technologies," says Perimeter CEO Brad Miller. "Perimeter has devoted thousands of man-hours to design a tool that looks first at the threats in order of importance and then prioritizes network security efforts to minimize those threats," Miller says. This objective, benchmark-oriented tool helps financial institutions spend their security budgets more wisely and appropriately, aligning dollars directly with optimum business risk reduction.
"Too many networks are secured 'backwards,' focused first on technologies and second on business risks those technologies are mitigating," says Miller. Risk Profile works in reverse of most risk assessments by ranking an institution's business processes according to their importance to the business and its vulnerability to financial, regulatory, and reputational impact. The system profiles appropriate risk mitigation solutions and scores business processes on their current level of mitigation. It shows the actual percentage of total organizational risk each business process accounts for, offers prioritized recommendations to mitigate risk, and indicates where procedure changes might help.
"RiskProfile provides an unprecedented snapshot of what technologies and risk mitigation strategies are in use across the industry," says Kevin Prince, Perimeter's Chief Security Officer. "We will look at this information in aggregate and share it from time to time with the industry. Confidentiality of all respondent data is of course guaranteed by Perimeter's privacy policies."
Basic profile offered for free
"Early enthusiastic response to the RiskProfile system has been exciting," says CEO Miller, with nearly 500 institutions conducting self-assessments and populating the system's database in less than sixty days of beta testing. To build the industry's first comprehensive database, Perimeter is waiving the cost of initial self-assessments. Included in the no-charge assessment is a free RiskProfile report and benchmarking information as it becomes available. Next year, an enhanced system will deliver ongoing monitoring, performance comparisons, and granular peer-to-peer benchmarking and analysis for a fee.
How Risk Profile works
Users visit www.riskprofile.org, a password-protected website. Access is available at no charge simply by contacting Perimeter. Users then select business processes from the profiler's menu such as core accounting, item processing, commercial Internet banking, mortgage origination, and the like, and rank the importance of each process to their organization on a scale of 1-10. Level of risk is assigned for each process in three key areas: financial, regulatory and reputation. The Financial Institution then answers a few questions regarding accessibility and sensitivity of the security technologies it currently deploys, including IDS/IPS, redundancy, vulnerability assessments, patch management and antivirus. Users can select a pre-populated template based on asset class and add or delete business processes from the template.
A report including an executive summary and technical detail is generated realtime, detailing areas of best practice; prioritized risks to the business; and identifies which technologies should be employed to increase security, network availability, and compliance. Profiles can be saved and revisited for 30 days.
To guide users in getting the greatest value possible from the tool, Perimeter is scheduling a weekly series of webinars that provide step-by-step instructions both on customizing the tool to a specific financial institution, and on how to interpret the results. The webinars are free, with dates and times published on the Riskprofile.org website.
As the only provider of complete security on demand, Perimeter makes security easily available and affordable for all businesses. Perimeter's on demand security services protect thousands of computer networks nationwide, offering more than 50 different services on a subscription basis. With the proliferation of security threats and technologies, clients benefit from a single-source provider that offers all services through one pre-integrated platform and web portal.