
What makes Citicus ONE so special?

Citicus ONE is the world’s most-advanced tool for measuring information risk, supplier risk and other areas of operational risk and managing these down to a level that is acceptable to top management, because it:

Information about these features can be found below.

Citicus ONE measures risk reliably, using techniques informed by years of rigorous, quantitative research into:

  • the level of risk posed by thousands of mission-critical systems in use or under development in a wide cross-section of leading enterprises, active in most sectors of economic activity around the globe
  • the effectiveness of the arrangements made by the ‘owners’ of those systems to control risk, quantified in terms of their measurable effect in reducing the experience of information incidents and the magnitude of their business impact.

This research was led or conducted by the founders of Citicus Limited for and on behalf of the Information Security Forum (ISF), and Citicus ONE’s statistical base is refreshed every two years, by arrangement with the ISF.

A topic paper summarizing the research findings shown opposite can be obtained by clicking Key facts about risk (PDF, 146KB).

Further details of the research that underpins our approach can be found under Our research foundation.


Citicus ONE implements a constructive risk management process called FIRM, which is based on extensive research into:

  • what makes risk analysis and risk monitoring processes effective
  • key pitfalls to avoid (eg overly-detailed, sporadic processes that take too much time to implement and produce results that business people don’t understand or believe in)
  • secrets of success identified from studies of successful practice and many years of statistical investigations.

Key success factors and pitfalls to avoid are identified under How Citicus ONE works.


Citicus ONE actively supports and promotes compliance with established standards of practice.

The system is neutral about which standards you employ (providing that they cover all control areas known to be critical).  Thus it can support whatever standards are employed by your organization.  To facilitate deployment, Citicus ONE comes pre-loaded with a series of widely-recognized standards of practice including:

  • BS7799 / ISO 17799
  • ISF Standards of practice
  • IT Governance Institute’s COBIT standard for good IT control practices
  • Payment Card Industry's Data Security Standard (PCI/DSS).

In addition, we provide Citicus-devised standards of practice for areas where we feel existing standards are weak, non-existent or not in a form that can be readily applied.  Currently, these include:

  • Citicus supplier relationship framework
  • Citicus supplied service framework
  • Citicus site security, health and safety framework
  • Citicus privacy framework.

These pre-loaded standards are ready for use ‘out of the box’. You can also upload your own policies and standards if you wish.


Citicus ONE offers the most efficient way by far of reliably evaluating information risk, supplier risk and other areas of operational risk on an enterprise scale that is available on the market today.  This is because our software is designed to yield meaningful and reliable business-oriented results by involving business management and subject practitioners in ways that make optimum use of their time.

The effort involved to carry out evaluations and produce results has been minimized by careful design.  This focus on efficiency means that 1000s of assets, activities, processes and / or external parties can be evaluated and evaluations can be routinely kept up-to-date with modest effort.  As a guide:

  • a target of evaluation's criticality can be assessed on-line in minutes
  • a full evaluation of risk can be completed in three hours initially
  • once completed, full evaluations can be updated in minutes.

Although a programme manager needs to be assigned to drive the risk management process, Citicus ONE enables his or her workload to be shared across a network of local co-ordinators, so no one becomes overburdened.


Citicus ONE produces great-looking meaningful results for decision-makers from Board-level down.

All results produced by the system are designed to command the attention of decision-makers who deal with things other than risk as their ‘day job’. 

They are expressed in clear, business terms, make good use of text and graphics and are attractively presented.  This helps practitioners communicate what needs to be done about risk effectively and build the credibility of risk management.



Together, these features enable our customers to build a climate of support for risk management - and make decisions about information risk, supplier risk and other key areas of operational risk based on first-rate, reliable information.

Background information on FIRM

FIRM is a ground-breaking methodology for managing information risk published by the Information Security Forum (ISF).  It was developed by the founders of Citicus for and in conjunction with the ISF, and Citicus Limited has an exclusive licensing arrangement with the ISF for automating FIRM, manifested by our Citicus ONE risk and compliance management software.

This agreement makes Citicus ONE available to all organisations – including those who are not ISF Members.

Note:  Citicus ONE fully supports the published FIRM methodology.  The latest versions of Citicus ONE offer significant advances in risk management techniques - such as individual results, dependency risk maps, action plans and support for workshop-based risk assessments – which elevate FIRM to a higher plane and widen its applicability.

For more information on FIRM and Citicus ONE, you can download the Citicus topic paper entitled Driving risk down using FIRM and Citicus ONE (PDF, 640KB).

© 2010 Citicus Ltd