cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

MetricStream set to streamline navigation between governance, risk and compliance

MetricStream announced its latest product release today, named Danube, which is designed to enable customers to successfully navigate an increasingly connected GRC world.

user iconReporter
Tue, 05 Apr 2022
MetricStream set to streamline navigation between governance, risk and compliance
expand image

The Danube release includes advanced risk quantification, automated compliance across cloud environments and support for the Task Force on Climate-Related Financial Disclosures (TCFD), designed to provide a framework to assist customers with climate-related financial risk disclosures.

Key innovations include the following:

  • Enhanced risk quantification for enterprise and operational risk management enables customers to score, prioritise, manage, and report risk and loss exposure in monetary values.
  • Continuous control monitoring for cloud environments allows organisations to follow best practices by actively and continuously monitoring critical cyber controls, identify risks, measure effectiveness and automate compliance.
  • Customers can now leverage the TCFD standards as a framework to capture climate-related risks and generate standard financial impact reporting.

The common theme for today's announcement is centred on providing advanced measurement tools, whether evaluating risk across the enterprise, developing a cyber strategy, or establishing ESG metrics, according to Prasad Sabbineni, chief technology officer, MetricStream.


“Gone are the days that heat maps drive risk decisions.

“Much like we measure financial risks, GRC professionals now have access to risk metrics that enable them to more accurately identify, manage and report risks in a language that board members can understand and with the speed that is required to be proactive,” Sabbineni said.

BusinessGRC: Advanced risk quantification across the enterprise

The new risk quantification capability is built on MetricStream Intelligence, an analytical and artificial intelligence (AI) engine that enables multiple scoring models and data science tools.

This includes Monte Carlo simulations and modelling based on multiple variables. Customers will be able to generate a range-based estimate and predict the probability of different outcomes for annual loss expectancy. Risk quantification allows the board and executive management to gain a quick and accurate understanding of the relative importance of each risk, prioritise strategies and make more informed decisions.

CyberGRC: Automated compliance for cloud environments

Customers with cloud-hosted environments will be enabled with the option of automating compliance and control testing through Continuous Controls Monitoring (CCM). With automated validation of cloud environments across multiple cyber security standards and frameworks, CCM delivers continuous testing, measurable results and verifiable evidence. This alleviates the need to invest in labour-intensive efforts to identify risks while ensuring compliance with cyber security standards and frameworks.

ESGRC: Simplified disclosure of climate-related financial risks

MetricStream ESGRC now supports the TCFD framework for organisational governance best practices associated with climate-related financial risks and opportunities. MetricStream ESGRC's TCFD features enable users to automate data gathering for a broad range of metrics required for ESG financial risk disclosure and centralises management of disclosure reporting.

The Danube release represents more than two dozen new product innovations and includes self-service reporting, low code and no code tools for easy configuration, and advanced AI and ML capabilities to identify and rationalise duplicate controls. Anonymous case and incident reporting for witnesses and observers, enhanced data on third-party financial reporting and sustainable sourcing practices are also included. Additionally, customers can benefit from the inclusion of more than 900 cyber security controls and best practices pre-built into the product, as well as evidence management for audits.

[Related: Threat groups leveraging Russia-Ukraine conflict spreading malware]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.