As pressure mounts on financial institutions to better manage risk and security, banks are faced with myriad solutions for countering these challenges. According to Kevin Prince, chief security officer with Norwalk, Conn.-based security solutions firm Perimeter, it's easy for banks to be confused by all the choices.
To alleviate the problem, Perimeter unveiled RiskProfile, a Web-based service that allows banks to evaluate their risk and recommends ways to remediate any shortcomings. "Over the past few years, we've seen people going down the wrong road to proper risk assessment," says Prince. He notes that banks are being pushed by regulators, lawyers, consumers and the media to rush out and buy some kind of risk-mitigating solution. "This approach leads to the mismanagement of funds," he says. "They buy the wrong technologies."
According to Prince, RiskProfile takes a unique approach to risk management, as it looks at business process risk. The tool asks banks to rank their business processes according to the degree of risk a malfunction or breach in each of them poses to the institution: high, medium or low. It also requests information on the current technologies employed to mitigate risk.
RiskProfile then generates a report in real time that details areas of high risk as well as best practices and available technologies that might help mitigate that risk. Prince is quick to point out that the best practices were developed in conjunction with outside examiners.
A printable report and an executive summary of the findings provide an overall picture of the bank's risk exposure. This tangible illustration of a bank's risk and recommended solutions will better assist the institution in more accurately budgeting its IT dollars, the vendor claims.
Speaking the Language of Business
"One gap I find in financial institutions is the inability of the IT people to properly articulate to the business side what they need," Prince relates. "RiskProfile takes all the business processes and lists them according to priority, giving an overall risk score for the institution," he adds, noting that the information is presented in a language the business side can understand.
Elise Anderson, CIO with Plantation Plantation Financial, a $500 million holding company based in Pawleys Island, S.C., says RiskProfile helped her articulate her needs to the bank's board. "They don't always understand technology," Anderson explains. "The approach [of RiskProfile] is from your business process perspective: What processes are you trying to protect? ... I had quantifiable results that could be understood by nontech people."
Perimeter's Prince notes that the company is offering RiskProfile free until the end of December. Future versions, he says, will include more educational material on the risk mitigants recommended by Perimeter and a benchmarking tool so banks can compare their risk profiles to their peers'. All data collected by Perimeter will be held in strict confidence, the company stresses, adding that results will be compared in aggregate only.
Plantation's Anderson believes RiskProfile provides a valuable service to the industry. "Our compliance requirements are ever increasing," she says. "[RiskProfile] enables you to be a better banker."