MILFORD, Conn. -- e-Security solutions provider Perimeter has developed a risk assessment tool that it says will help credit unions examine and mitigate their different forms of risk, including card risk, from the inside out.
"Too many networks are secured backwards, focused first on technologies and second on business risks those technologies are mitigating," says Perimeter CEO Brad Miller.
Instead the Perimeter product, which goes under the name of RiskProfile, works in reverse of most risk assessments by ranking an institution's business processes according to their importance to the business and its vulnerability to financial, regulatory, and reputation impact.
The system profiles appropriate risk mitigation solutions and scores business processes on their current level of mitigation. It shows the actual percentage of total organizational risk each business process accounts for, offers prioritized recommendations to mitigate risk, and indicates where procedure changes might help.
It also compares the risk, without identifying the CU, to a risk profile of the industry as a whole.
"RiskProfile provides an unprecedented snapshot of what technologies and risk mitigation strategies are in use across the industry," said Kevin Prince, Perimeter's chief security officer. "We will look at this information in aggregate and share it from time to time with the industry. Confidentiality of all respondent data is of course guaranteed by Perimeter's privacy policies."
The company is so confident that CUs will find the RiskProfile useful that it is letting CUs sign on for a preliminary risk assessment, for free, until Dec. 31.
The free assessments will be the results of CUs anonymously using the tool in the form of a 20-minute online quiz. Upon completion, they will receive a prioritized report showing their individual business process risk profile, recommendations on how to improve it and an indication of how they stack up against the other banks and credit unions in the industry, the company said.
Perimeter says it has the largest database of its kind in the industry, with 200 credit union profiles to date. The company anticipates RiskProfile will include 1,000 institutions by year-end. The tool was built primarily to gather valuable benchmarking data on the industry rather than as a sales tool for Perimeter, a company spokesman said.
Perimeter explained that looking for risk in a credit union's most important business processes first makes more sense because it allows the CU to better deploy resources to counter those risks. It will allow credit unions to monitor their risk mitigation profile and budget for security by truly aligning information technology security plans with a prioritized ranking of business risks. This approach was the product of work with a wide-ranging assortment of industry experts, including Federal regulators from several agencies and credit union security officers and has earned an endorsement from CUNA.
"CUNA provided input to the development of the RiskProfile tool, so credit unions would have a way to monitor how their priorities, and solutions, compared to industry peers," said Wes Millar, senior vice president of Strategic Services for CUNA. "This tool can be used to prepare for examinations, audits, board reviews, best security practices, technology reviews, and budgeting."
CUNA Mutual, the insurer for most of the nation's CUs, said it had not yet been introduced to the tool.
Millar said that the response Perimeter had received from credit unions who helped test the RiskProfile tool led to the free test offer.
"Early enthusiastic response to the RiskProfile system has been exciting," said Miller, adding that next year an enhanced system will deliver ongoing monitoring, performance comparisons, and peer-to-peer IT risk assessment and analysis benchmarking, but for a fee. --firstname.lastname@example.org