Citicus simplifies security risk management

Marco Kapp says people hate risk analyses. "They're paper intensive and people don't understand or believe the results," he says. But rising security threats have made vulnerability and risk assessment an increasingly important part of corporate IT security. And it is this trend that Kapp, co-founder and director of Citicus, an information risk-management software company, is looking to exploit.


Company: Citicus

Activity: Vulnerability assessment

Founded: 2001

Country: UK

Backers: Privately funded


+ Experienced management
+ Product developed with blue-chip clients
Customer complacency over security?



Citicus' flagship product, Citicus ONE, manages corporate security risks by consolidating information about multiple systems and departments. This provides a chief information officer with an insight into their company's overall level of risk.

Citicus has a somewhat unorthodox history. Kapp was a founding member of the Internet Security Forum (ISF), an independent group with more than 1,000 large companies among its membership.

Based on data from surveys, ISF developed a risk measurement methodology that includes a simple scorecard with 17 main control areas for IT security. Citicus ONE automates this process. ISF retains the copyright for the methodology, but Citicus has exclusive rights to develop software based on it.

Citicus ONE runs on corporate intranets. Different departments fill out their respective scorecards and the system then gives an immediate risk assessment, along with advice on how security can be improved. Citicus ONE can also track different departments to see if they are driving down their security risks.

Citicus ONE was officially launched at the end of March 2002. Kapp's immediate goal is to work with about 20 organisations – it already has 16 clients – giving these first customers intensive support and helping to set up pilots and roll out the system. He hopes they will ultimately provide strong references for Citicus.

Investment in product development was about EU1.5 million, funded solely by Citicus' founders. The company expects to be profitable by the end of 2002. But it may have to raise some outside funding in 2003 for further expansion. For now, however, it needs to build a strong reputation with clients and, admits Kapp, prove that it has "a product that earns its keep."

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics