TIGIR solves a massive business problem in security and risk! TIGIR has automated the security risk assessment process – SA&A (CAN), S&A (US) and TRAs - to demonstrate mandatory compliance for governments and for private sector companies who want to do business with the government. Currently a manual process of Word templates and contractors, TIGIR automates the entire process with security standards (NIST, ITSG-33, SOC2, ISO 27000+, CMMC), lowering risk for all industries.
Reducing time and cost, TIGIR reduces the 3-4 month process to 2-3 weeks using a patented algorithm to calculate risk and recommend security controls, enabling it to clear backlog and allow for more through-put performed by lower skilled workers due to the simplified process. To do this, TIGIR provides calculations on four comprehensive Profiles to determine control areas that must be improved and provide recommendations: Organization Risk, Asset Valuation, Threat Scenarios and Strengths & Gaps.
Then, Residual Risk is calculated and Recommendations are prioritized to include security controls to decrease risk and raise security posture. TIGIR focuses on assets and includes anything requiring protection or that needs to prove compliance: Data/Information, Systems, Application/Technology, Devices, Services, Equipment, Products; Materials and Human Capital.
The final report includes all inputs, the calculated risk, the residual risk and prioritized recommendations to bridge the gap. Along with it the Statement of Sensitivity (CIAH), the Security Requirements Traceability Matrix and the Security Control Profile customized to the sensitivity of the asset are also generated, completing the entire risk assessment process in a fraction of the time.