Thales’s Governance, Risk and Compliance (GRC) function serves to address the complexity of risk in an increasingly volatile business environment. Evolving technologies, cyber threats and regulatory requirements have created a dynamic global risk environment that leaves minimal time to plan and prepare mitigation.
The GRC team at Thales understands that risk management and compliance are about more than simply ‘ticking boxes’, mitigation strategies and avoiding risk. The team can support your organisation in taking a holistic, proactive and strategic approach to foster your organisation’s growth and avoid failure in the pursuit of success.
Why Thales GRC:
Integrate governance, risk and compliance for effective decision making
Protect company reputation through better risk management
Assess and mature your state of risk and compliance management practices
Elevate risk culture and awareness. Develop risk indicators and strategies to mitigate risk
Evaluate compliance with Essential Eight, NIST/CSF, ISMS (ISO 27001, ISO 31001, C2M2)
End-to-end governance, risk management and compliance policies and procedures
Situational Awareness Managed Service
The Situational Awareness Managed Service will be scalable from a core baseline capability. The baseline service will be installed to monitor and maximise visibility of organisational behaviours and logging abnormalities. This is based on a Hybrid On-Premise / Cloud Based approach which can be easily transitioned in either direction dependent on requirements. The Situational Awareness baseline service has been configured around six base use cases.
The six base use cases are:
Critical Database and File Systems
Once operational, Thales will be able to immediately highlight areas for improvement. The continued aggregation, analysis and visualisation of cyber security posture, security threats and other risk factors will support analysts and executives to make informed, accurate decisions that directly mitigate areas of risk and vulnerability.
The Essential Eight (E8) Managed Service offers customers a core baseline monitoring service of E8 requirements using the Huntsman product tool. The E8 service will be installed to monitor and maximise visibility of organisational behaviours and logging abnormalities in relation to the current E8 compliance regime enforced by government. This is based on a Hybrid On-Premise DC which can be easily transitioned in either direction dependent on requirements. This baseline service has been configured to track the components that are required in building a strong cyber security posture for your organisation’s systems.
This is a list of the Essential Eight mitigation strategies:
Application Whitelisting (Mandatory top four requirement from ASD)
Patching Applications (Mandatory top four requirement from ASD)
Restricting Administrative Privileges (Mandatory top four requirement from ASD)
Patching Operating Systems (Mandatory top four requirement from ASD)
Disabling Untrusted Microsoft Office Macros
Using Application Hardening
Risk Management as a Service
The Risk Management as a Service offers customers a business risk management and monitoring service, combining a corporate risk dashboard for all major business risks. This, combined with Thales' international intelligence, insights and a real-time, executive-focussed risk dashboard, will provide organisations with a tool that can truly monitor operational and strategic risk in one location. Our risk forecast tool will also be provided, so businesses can properly assess business changes over time through a risk lens.
Thales will conduct an initial risk health check which will inform a subsequent discussion with the customer on the risks, mitigations, reporting and level of investment required to proactively manage risk systematically.
Security Testing as a Service
The Risk Management as a Service Essential offers customers a business risk management and monitoring service, combining a corporate risk dashboard for all major business risks (i.e. WHS, finance, business operations, personnel, program / portfolio, commercial and legal, property, investments, cyber and physical security). This, combined with Thales' international intelligence and insights and a real-time, executive-focussed risk dashboard, will provide organisations with the first tool that can truly monitor operational to strategic risk in one location. A risk forecast tool will also be provided, so businesses can properly assess business changes over time through a risk lens (i.e. mergers and acquisitions, divestments and their impact on cyber, commercial, finance etc.).
The service will leverage existing tools for corporate risk management, Thales' insights and intelligence platform, and customised board / executive-focussed risk reporting templates to deliver operational to executive risk transparency in a simple fashion.
Once initial risk health checks (consulting work) have been completed within an organisation, and the organisation chooses to invest in a centralised system, Thales can programmatically invest in each risk lens to build out capability in a low-investment fashion (taking on little initial platform investment itself).