Workshop

A moderated workshop environment supports decision makers in assessing and evaluating the corporate security environment. This approach extends traditional risk management by supporting decision makers in cooperatively identifying and analyzing assets, threats, and vulnerabilities in a given corporate environment. Additionally, decision makers are supported in assigning rates of occurrence and exposure factors to the identified threats and in negotiating their preferences. Data identified during the workshop serves, together with data collected through business process monitoring, as a basis for the valuation of an optimal security level.

Security Workshop
  • Step 1: Definition of Benefit and Resource Categories: Benefit and resource categories have to be derived from the given corporate strategy.
  • Step 2: Assets, Vulnerabilities and Threats: The assets worth protecting as well as potential threats and vulnerabilities must be identified. Usually this data is collected prior to the workshop and refined and prioritized during the workshop.
  • Step 3: Risk Generation and Quantification: After the assessment is completed, all asset-threat-vulnerability combinations are generated. Each risk is assigned an annual rate of occurrence, representing the estimated number of times a threat to a single asset is expected to occur, and an impact.
  • Step 4: Safeguards: Safeguards reduce the rate of occurrence and/or the impact.
  • Step 5: Safeguard Interactions: In this step, interactions and interdependencies between safeguards can be defined. Decision makers can model that certain safeguards should only be applied in combination, should be applied in a defined quantity, produce synergy effects, or are mutually exclusive.
  • Step 6: Portfolio Selection: Data collected during the security assessment in Steps 1 through 5 is used as input for determining efficient safeguard portfolios.
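
Steps 3 through 6 carried through on a small data set, as an added example that is not part of the original page or the method's own tooling. All risks, safeguards, costs and factors are constructed, and the model is an assumption: expected annual loss is rate times impact, safeguard effects multiply, and "efficient" means not dominated on annual cost (the resource category) and residual loss (the benefit category). Defined quantities are not modelled.

```python
from itertools import combinations

# Constructed sample data (assumption, not from the page).
# Step 3: risk (asset, threat) -> (annual rate of occurrence, impact per event)
RISKS = {
    ("db", "ransomware"): (0.5, 200_000),
    ("web", "sqli"): (2.0, 30_000),
    ("laptop", "theft"): (4.0, 5_000),
}
# Step 4: safeguard -> (annual cost, {risk: (rate factor, impact factor)})
SAFEGUARDS = {
    "backup": (20_000, {("db", "ransomware"): (1.0, 0.25)}),
    "restore_drill": (10_000, {("db", "ransomware"): (1.0, 0.5)}),
    "waf_cloud": (15_000, {("web", "sqli"): (0.25, 1.0)}),
    "waf_onprem": (25_000, {("web", "sqli"): (0.125, 1.0)}),
    "disk_enc": (5_000, {("laptop", "theft"): (1.0, 0.125)}),
}
# Step 5: interactions between safeguards
MUTUALLY_EXCLUSIVE = [{"waf_cloud", "waf_onprem"}]
REQUIRES = {"restore_drill": "backup"}                  # only in combination
SYNERGY = {frozenset({"backup", "waf_cloud"}): -5_000}  # bundled cost saving

def feasible(portfolio):
    """True if the portfolio respects exclusions and required combinations."""
    if any(group <= portfolio for group in MUTUALLY_EXCLUSIVE):
        return False
    return all(need in portfolio for s, need in REQUIRES.items() if s in portfolio)

def evaluate(portfolio):
    """Return (annual cost, residual expected annual loss) for a portfolio."""
    cost = sum(SAFEGUARDS[s][0] for s in portfolio)
    cost += sum(delta for combo, delta in SYNERGY.items() if combo <= portfolio)
    loss = 0.0
    for risk, (rate, impact) in RISKS.items():
        for s in portfolio:
            rate_f, impact_f = SAFEGUARDS[s][1].get(risk, (1.0, 1.0))
            rate, impact = rate * rate_f, impact * impact_f
        loss += rate * impact
    return cost, loss

def efficient_portfolios():
    """Step 6: feasible portfolios not dominated on both cost and loss."""
    names = sorted(SAFEGUARDS)
    subsets = (frozenset(c) for n in range(len(names) + 1) for c in combinations(names, n))
    scored = {p: evaluate(p) for p in subsets if feasible(p)}
    def dominated(score):
        return any(c <= score[0] and l <= score[1] and (c, l) != score for c, l in scored.values())
    return sorted((score, sorted(p)) for p, score in scored.items() if not dominated(score))

if __name__ == "__main__":
    for (cost, loss), members in efficient_portfolios():
        print(f"cost={cost:>6} residual_loss={loss:>9.0f} {members}")
```

The output is a cost-ordered frontier rather than a single answer; choosing a point on it is where the decision makers' negotiated preferences come in.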