The STREAM Risk Engine

Residual Risk Management

STREAM uses the established principle that actual (residual) risk to the business is a factor of:

  • The “realistic worst case” business impact that could result from undesirable events, whether accidental or deliberate, and whether from internal or external threat sources
  • The likelihood of such events occurring
  • The level of vulnerability to those events.

When determining Vulnerability, the STREAM approach takes into account the following types of vulnerability:

  1. External factors/constraints – often outside the direct control of the business – which can make threats more likely or raise expected impact levels, e.g. single points of failure
  2. Weak or missing risk mitigation controls.


Each of these elements of the risk equation presents challenges to risk methodologies and supporting tools. For example:

  • Businesses need to tailor the risk assessment scheme to their own specific needs, which often means a combination of qualitative and quantitative methods. Also, although many organisations will wish simply to assess the security impacts of Confidentiality, Integrity and Availability separately, others may wish to extend this by using further impact types. Finally, traditional methods require each identified risk to be assessed individually, for each impact type, and this can be very time-consuming. An alternative approach is to identify the type(s) of information processing associated with the business assets, and then assess the risks to those assets based on an understanding of the potential impacts on that information.

  • Assessing the likelihood of threats that may never arise has always been a very challenging area for risk analysts; it can be very time-consuming and still produce results which are difficult to aggregate for meaningful reporting.
  • Many control assessments simply determine whether controls/processes are in place, and neither take into account the key factors which define mature controls, nor measure the effectiveness of deployed controls across the business.

STREAM provides solutions to these well-understood problems through its Assistants.

There is a STREAM Assistant for each of the 3 key inputs to the risk calculation.

Latest

  • Information Security Europe 2010

    Significant interest was expressed in the STREAM suite of products at Information Security 2010. It is clear that comprehensive risk and compliance management is becoming a key requirement for public and private organisations.

  • STREAM Seminar - Ljubljana May 2010

    Richard Mayall presented a workshop in Ljubljana, Slovenia on 20 May 2010 on 'A better way to manage all your risks'. The workshop considered how STREAM can automate assurance management systems and support standards compliance.

  • Risk appetite for information security

    Risk management best practice says that we need to manage risk in relation to risk appetite. But how do we do this for information security?


© 2010 Acuity Risk Management