BALLAST was designed with knowledge gained from hundreds of risk assessments, as well as guidance from national and international standards-making bodies including NIST, HIPAA, and ISO. The result is a tool that streamlines the assessment process and eliminates bottlenecks associated with manual approaches. Users can define the business units, facilities, and other information systems assets to be included in the risk assessments. Then, clients can select the threat model suitable for their business. For instance, if a healthcare organization has protected health information and HIPAA requirements, then BALLAST can account for that in the risk analysis.
BALLAST helps organizations automate their risk assessments, create and track remediation activities, and provide real-time reporting through intuitive dashboards
As Fulford points out, most firms lack the internal expertise to perform the highly technical aspects of information security risk assessments; BALLAST acts as a force multiplier at a much lower cost than hiring experts externally. Just one example of the product’s capabilities is a hospital management company that was performing risk assessments required by HIPAA and meaningful use. The client used spreadsheets to compile data from various locations which was cumbersome and inconsistent-- leading to inaccurate reports. By using BALLAST, the client was able to perform over 70 risk assessments within weeks and consolidate the data, providing actionable findings for the security team. The BALLAST solution helped the client track remediation items ensuring a decrease in risk profiles. “The client also took advantage of regional reporting capabilities that allowed them to compare the performance of one region with another,” explains Fulford.
LBMC is set to venture into new areas with its BALLAST platform, such as third-party vendor management and broader integration with LBMC’s existing managed services offerings. As Fulford points out, “Today, many organizations are under pressure to improve the quality and maturity of their security programs and meet regulatory requirements, but they struggle with identifying where to place priorty. BALLAST helps meet these challenges.”
“BALLAST is LBMC’s newest product in a suite of robust cloud-based services that will meet the evolving demands of our clients and their risk management needs.”