SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
MetricStream announces new product for improved GRC
Tue, 5th Apr 2022
FYI, this story is more than a year old

MetricStream has announced a new product to simplify the ability to navigate the rapidly growing importance of governance, risk, and compliance (GRC).

Danube offers users advanced risk quantification, automated compliance across cloud environments and support for the Task Force on Climate-Related Financial Disclosures (TCFD), intended to provide a framework for helping customers with climate-related financial risk disclosures.

The new risk quantification capability is built on MetricStream Intelligence, an advanced analytical and AI engine.

This affords users multiple scoring models and data science tools, including Monte Carlo simulations and modelling based on numerous variables.

Additionally, customers can generate a range-based estimate and predict the probability of different outcomes for annual loss expectancy.

MetricStream adds that one of the benefits of risk quantification is allowing the board and executive management to quickly understand the importance of each risk, resulting in prioritising strategies and making more informed decisions.

The new service also provides those with cloud-hosted environments the means to choose to automate compliance and control testing through Continuous Controls Monitoring (CCM).

MetricStream says that with automated validation of cloud environments across multiple cybersecurity standards and frameworks, CCM offers continuous testing, measurable results, and verifiable evidence. It adds that this increases productivity by identifying risks quickly and simultaneously ensuring compliance with cybersecurity standards and frameworks.

Furthermore, MetricStream now has enhanced risk quantification for business and operational risk management, allowing customers to score, prioritise, manage, and report risk and loss exposure in monetary values.

ESGRC now supports the TCFD framework for organisational governance best practices associated with climate-related financial risks and opportunities.

This allows users to automate data gathering for a broad range of metrics required for ESG financial risk disclosure and centralises management of disclosure reporting.

“The common theme for today's announcement is centered on providing advanced measurement tools, whether evaluating risk across the enterprise, developing a cyber strategy, or establishing ESG metrics,” MetricStream chief technology officer Prasad Sabbineni says.

“Gone are the days that heat maps drive risk decisions. Much like we measure financial risks, GRC professionals now have access to risk metrics that enable them to more accurately identify, manage, and report risks in a language that board members can understand and with the speed that is required to be proactive.

MetricStream says the Danube release also represents more than two dozen new product innovations. These include:

  • Self-service reporting
  • Low code and no-code tools for easy configuration
  • Advanced AI and ML capabilities to identify and rationalise duplicate controls
  • Anonymous case and incident reporting for witnesses and observers
  • Enhanced data on third-party financial reporting
  • Sustainable sourcing practices are also included

Also available to customers is the inclusion of over 900 cybersecurity controls and best practices pre-built into the product and evidence management for audits.