Home » Topics » Governance, Risk and Compliance » Citicus simplifies security risk management

Citicus simplifies security risk management

Avatar photoby Ben Rossi

Marco Kapp says people hate risk analyses. "They're paper intensive and people don't understand or believe the results," he says. But rising security threats have made vulnerability and risk assessment an increasingly important part of corporate IT security. And it is this trend that Kapp, co-founder and director of Citicus, an information risk-management software company, is looking to exploit.

 
 

Company: Citicus

Activity: Vulnerability assessment

Founded: 2001

Country: UK

Backers: Privately funded

www.citicus.com

Verdict

+ Experienced management
+ Product developed with blue-chip clients
Customer complacency over security?

 

 

Citicus' flagship product, Citicus ONE, manages corporate security risks by consolidating information about multiple systems and departments. This provides a chief information officer with an insight into their company's overall level of risk.

Citicus has a somewhat unorthodox history. Kapp was a founding member of the Internet Security Forum (ISF), an independent group with more than 1,000 large companies among its membership.

Based on data from surveys, ISF developed a risk measurement methodology that includes a simple scorecard with 17 main control areas for IT security. Citicus ONE automates this process. ISF retains the copyright for the methodology, but Citicus has exclusive rights to develop software based on it.

Citicus ONE runs on corporate intranets. Different departments fill out their respective scorecards and the system then gives an immediate risk assessment, along with advice on how security can be improved. Citicus ONE can also track different departments to see if they are driving down their security risks.

Citicus ONE was officially launched at the end of March 2002. Kapp's immediate goal is to work with about 20 organisations – it already has 16 clients – giving these first customers intensive support and helping to set up pilots and roll out the system. He hopes they will ultimately provide strong references for Citicus.

Investment in product development was about EU1.5 million, funded solely by Citicus' founders. The company expects to be profitable by the end of 2002. But it may have to raise some outside funding in 2003 for further expansion. For now, however, it needs to build a strong reputation with clients and, admits Kapp, prove that it has "a product that earns its keep."

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Related Stories

Governance, Risk and Compliance

Two ways to improve GDPR enforcement

Martin Davies of Drata explains how GDPR is currently enforced and how enforcement could be improved across the European Union

Governance, Risk and Compliance

Four in five IT leaders concerned about data compliance

Cloudera research reveals that 79 per cent of IT leaders see compliance as the main data management concern, despite widespread investment

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Governance, Risk and Compliance

What unbundling Microsoft Teams will mean for EU customers

In the midst of an EU antitrust investigation, Microsoft Teams is now set to be offered to businesses separately from its Office suite