Information Security Risk Assessment Software
The Gramm-Leach-Bliley Act (GLBA) and the Interagency Guidelines Establishing Information Security Standards
require financial institutions (banks, savings associations, and credit unions) to establish an Information Security
Risk Assessment.
Version Tracking
Use version tracking to access data from previous versions of the risk assessment, compare data in the risk assessment over time, and identify trends from year to year.
Framework
Use Tandem's asset risk assessment framework to go step-by-step through the assessment process.
Quantifying the likelihood and potential damage associated with threats is made easy with a simple control calculation tool. Use the information captured to easily report on your risk posture.
Asset Templates
Get started right away by using our risk assessment templates designed for common information security assets.
Begin with our recommended guidance, threats and controls. Then use the framework to tailor each assessment to perfectly reflect your organization.
Downloads
Effortlessly generate consistent and professional documents on the fly to share with your executive team, board of directors, auditors and examiners.
These customizable documents are available in Microsoft Word and Adobe PDF formats.
CoNetrix offers an online risk assessment software solution to help banks and credit unions perform an information
security risk assessment, per GLBA, as well as individual information asset risk assessments. We designed our
software using guidance from the FFIEC, FDIC, OCC, FRB, NCUA, and CFPB. Our web-based risk assessment
software is designed in an easy-to-follow format.
Information Security Risk Assessment
The Tandem Information Security Risk Assessment Software includes:
- A location management tool to assist in identifying likelihood and potential damage based on physical locations
- A threat questionnaire broken into eight sections to assist in quantifying the likelihood and potential damage associated with threats:
  - Structure & Responsibility
  - Size & Complexity
  - General Controls
  - Previous Experience
  - Natural Disaster/Elemental
  - Contracts, Legal, and Regulatory
  - Audit & Security Testing
  - Security Awareness Training
- More than 60 pre-defined "common" threats to financial institutions, including Biological Pandemic, Remote Deposit Capture, Internet Banking System Misuse, and Wireless Emissions Compromised
- A confidential information management section to manage data classification and data flow and to document the location of customer information and/or vital records
- A threat management section to manage controls, information security and cybersecurity compliance, impact, and guidance associated with identified threats
Information Asset Risk Assessments
Additionally, the Information Asset Risk Assessments portion includes:
- Risk assessment framework with control reduction calculation to assist in quantifying the likelihood and potential damage associated with threats
- Data type management to manage data classification and to document which assets house various data types
- A threat management component to manage controls, compliance, impact, and guidance associated with identified threats
- Multiple risk assessment templates for priority assets. See Asset-based risk assessment templates.
Custom Risk Assessments
Tandem Risk Assessment also includes custom risk assessment
templates. Add your own threats and controls or incorporate CoNetrix suggested threats and controls to assist
in the creation of various assessments. Custom assessments can be mapped to controls and guidance.
Integrations
For internet banking risk assessments, use Tandem Internet Banking Security Program, which can be purchased separately and integrated with the Tandem Risk Assessment product.
Use the Tandem Policies integration, which allows users to customize a set of more than 40 pre-defined Information Security Policies, already mapped to your Information Security Risk Assessment threats.
Additionally, the asset management tool integrates with Tandem Vendor Management and Tandem Business Continuity Planning products to show connections among assets, vendor services, systems, and software, per the updated FFIEC Information Security Booklet.
Features
The CoNetrix Information Security Risk Assessment software is feature-rich, including:
- The ability to document an unlimited number of risk assessments
- A storm and crime event statistics report tool
- Suggested threats, controls, and risk levels created and updated by security and compliance experts
- Downloadable documents in Microsoft Word and/or Adobe PDF formats
- New features and updates are automatically included with your annual subscription
- Free training workshops to help familiarize you with the software
- Integration with other CoNetrix online software
- Anywhere/anytime Internet access through a secure, online portal
- Multi-factor authentication (optional)
- Single Sign On (SSO) integration using SAML 2.0
- Multi-user access
- No software installation or equipment costs
- The ability to manage several companies' risk assessments with one login (requires a subscription for each company)
Professional Services
For professional services, ask your account representative about adding Boost Consulting services.