Lumension Risk Manager shines a light on compliance

REVIEW: After some study and setup, Lumension Risk Manager 4.1 can be a powerful tool for monitoring an organization’s risk and regulatory compliance status.

By David Strom

What’s your organization’s exposure to risk? Without a central location in which to keep track of your IT assets and the risks they represent to your business, you may be more exposed than you realize.

Enter Lumension Risk Manager 4.1, which can be a very effective tool for IT administrators who are charged with getting a handle on and building workflows around risk and regulatory compliance issues in their organizations.

If used properly—and if enough time is invested in setting up its data structures—Risk Manager can track exactly how, and how well, a corporation is mitigating its overall exposure to potential risks in its operation. However, the will to use it has to be part of the fabric of an organization, and staffers need to participate in filling out its surveys and monitoring their operations.

At the heart of Risk Manager is the Unified Compliance Framework (tinyurl.com/358k5lq), a model that was first developed by Network Frontiers and law firm Latham & Watkins. It is now used by a variety of organizations (including Microsoft in its System Center Service Manager) to keep track of more than 400 compliance regulations.

This framework is used to manage conflicting and overlapping compliance requirements and is the core of Risk Manager’s scoring algorithms. The framework offers a model for applying a consistent and unduplicated view across regulations such as the Sarbanes-Oxley Act, HIPAA (Health Insurance Portability and Accountability Act), PCI (Payment Card Industry) and other standards that influence IT policies and procedures.

Risk Manager runs on any reasonably powerful PC running Windows Server 2003 or later and with SQL Server 2005 or better installed, which is used for its data repository. Its entire user interface is accessed through a Web browser, and a wide variety of these are supported.

I tested with an already-populated sample database using Internet Explorer 7. The product also supports Firefox 3 or Safari 3 or better.

Pricing for Risk Manager 4.1, which began shipping in March, varies depending on the number of individual IP addressable objects that are monitored: It starts at $40 per object, but quantity discounts are available.

Risk dashboard

The main dashboard shows your major risk factors and other summary information at a glance.

The main menu is a dashboard that keeps track of various items, including your own notifications and e-mail reminders that the software has sent you, summaries of compliance regulations, and the scores on various groups within an organization based on key performance indicators,

As with many dashboards, these items are hot-linked to more specific pages, so that a user can click on areas of interest to drill down for more details. For example, if I wanted to see whether my organization was in compliance with