Integrated model for the management of the complexity risk and resilience of secure information infrastructure

Abstract

The iGRC Consortium launched its integrated dynamic risk management operational capability on 15th December 2011. Focused on the protection of critical national infrastructure from cyber attack, the iGRC™ capability combines Infogov’s leading Proteus® Enterprise information security management system with network security related sensor technologies via the Consortium’s open governance, risk and compliance inter-operability protocol, iGRC™. The demonstration was about handling customer credit card payments in accordance with PCI DSS 2.0. Four scenarios were used: (1) disclosure of card payment details via email, (2) unauthorised system access, (3) unauthorised changes to executable files and (4) system access by ex-employees. The Proteus iGRC™ capability provides accurate understanding of the risk profile, whilst providing: dynamic risk management; insurance for high impact low probability risk events; derivation of security intelligence from the ICT estate; linkage of risk operations to management; exploitation of existing sensor information and verification of risk assessments.

Lead Participant                   Project Cost    Grant Offer
INFORMATION GOVERNANCE LIMITED     £877,132        £323,869

Participant                        Project Cost    Grant Offer
CRANFIELD UNIVERSITY               £99,004         £99,004
ENT SERV UK LIMITED                £80,899         £29,873
LOUGHBOROUGH UNIVERSITY            £108,087        £108,087
BIRKBECK COLLEGE                   £107,394        £107,394
NEXOR LIMITED                      £225,792        £112,896
ASSURIA LIMITED                    £161,653        £59,688
