SecureAware® - Automated Risk and Compliance Solution

SecureAware® is a patent-pending all-in-one platform for compliance, best practices and security awareness that incorporates an automated workflow engine built in accordance with ISO international standards.

Supports ISO 2700x, PCI DSS 1.2, and CoBIT 4.1 frameworks out-of-the-box

Built on industry-standard technologies
Easy to install, deploy, and support
Easily supported within existing IT infrastructure

Published in: Technology, Business
SecureAware® - Automated Risk and Compliance Solution

SecureAware® Automates IT-GRC Processes
Automated Risk and Compliance Management Solution

Agenda
  • Risk and Compliance Challenges
  • Our Approach to Best Practices
  • SecureAware®
  • Automated Risk and Compliance Management Solution

IT Security Standards, Mandates, and Statutes
IT Services Delivery Management
TBD
Federal Mandate
Sarbanes-Oxley
CoBIT 4.1
Any State
Privacy Law
ISO 27000
PCI

Common Characteristics of Best Practices
  • Based on a framework
  • Require organizational alignment
  • IT Policy with business objectives
  • Workflow to the policies / procedures
  • Policies, procedures, and awareness are communicated
  • Data Security Standards
  • Privacy Rules
  • Security Awareness Training (SAT)
  • Governance and control structures
  • Risk management focus
  • Operational assurance
  • Compliance, Audit, Results

Implementation of ITIL Strategy
Strategy:
 - Define goals, objectives and business functions
Design:
 - Design the service components and processes
Transition:
 - Managing the rollout process and change management
Operation:
 - Executing the daily tasks and activities
Continual Improvement:
 - QA and monitoring for improvement and optimization

Information Technology Infrastructure Library (ITIL)
Provides a common framework to formalize a service-oriented management approach within IT and improve interaction between IT and the business units
Objective:
Build an IT organization that is governed intelligently, meets customer and business requirements, and delivers a high level of service while minimizing risks and maximizing efficiencies and effectiveness.

IT Governance, Risk and Compliance
IT-GRC exists to ensure consistency, efficiency and transparency in multiple governance, risk and compliance management processes throughout an organization.
Collaboration is required amongst stakeholders responsible for corporate governance, compliance management, risk management, IT, auditing, and other relevant business functions.

Automation = Improved Business Processes
IT-GRC solves the problem of compliance challenges by automating and integrating:
  • Data security policy and procedure management
  • GAP analysis and assessment functions
  • Compliance (continuous) testing and management
  • Risk management and assessments
  • Business Continuity Planning (BCP)
  • Targeted security awareness training (SAT)
  • Dashboards and timely reporting
  • Streamlined self-assessments and audits

Converge and Manage on Common Policy / Delivery Platform
ISO 27000
TBD
Federal Mandate
Any State
Privacy Law
PCI
Sarbanes-Oxley
CoBIT 4.1
IT-GRC Solution Delivery
IT Services Delivery Management

SecureAware® An IT-GRC Software Solution
SecureAware® is a patent-pending all-in-one platform for compliance, best practices and security awareness that incorporates an automated workflow engine built in accordance with ISO international standards.
Supports ISO 2700x, PCI DSS 1.2, and CoBIT 4.1 frameworks out-of-the-box
  • Built on industry-standard technologies
  • Easy to install, deploy, and support
  • Easily supported within existing IT infrastructure

SecureAware® An IT-GRC Software Solution
Channel Web: One of the “20 Hot Compliance Products”
http://www.crn.com/security/221600140;jsessionid=HLNKH24EAD2ANQE1GHRSKH4ATMY32JVN?pgno=10

SecureAware® An IT-GRC Software Solution
2010 Info Security Products Guide
Global Product Excellence – Policy Management Solution
Global Product Excellence – Risk Management Solution
http://www.infosecurityproductsguide.com/awards/2010/2010GBE-Finalists.html

SecureAware® An IT-GRC Software Solution
2010 Network Products Guide
Product Innovation – Compliance Management Solution
http://www.networkproductsguide.com/innovations/index.html

Risk Management Product Peer Review
Product Rating
For: Awareness tools and acknowledgments and testing; BCP inclusion; very nice UI.
Against: Truly assessment-driven tool for measuring risk.
Verdict: Great tool for developing an enterprise GRC plan and risk management solution.
Source: SC Magazine, a publication of Haymaker Communications / June 10, 2010

SecureAware® Workflow Management Framework
  • PCI DSS, ISO 27K, and CoBIT 4.1 frameworks
  • Policy alignment and version control
  • Import / map existing policies
  • Create / modify new policies
  • Rapidly deploy Security Awareness Training
  • Compliance checking / gap analysis
  • Self assessments / questionnaires
  • Tasks linked to policies
  • Workflow for review & approval
  • Recurring tasks / templates
  • Documentation linked to task
  • Automated checklists / calendars
  • Business continuity plans
  • BCP structures
  • BCP templates
  • Tasks with compliance
Complete customization (skins)
Multiple portals
Multiple languages
API for integration
Interfaces with Active Directory
  • IT risk management
  • Automate risk assessments
  • Vulnerability reporting
  • Business impact assessment
  • Business process map with IT systems

Global Client Base
Over 300 Clients
Fortune 1,000
Enterprise
Government
National Lottery

Converge and Manage on Common Policy / Delivery Platform
ISO 27000
TBD
Federal Mandate
Any State
Privacy Law
PCI
Sarbanes-Oxley
CoBIT 4.1
IT-GRC Solution Delivery
IT Services Delivery Management

About Lightwave Security
Atlanta-based IT security firm founded in 2006 by industry veterans
  • Virtual CISO Services
  • IT Security Strategy and Execution
  • Organizational Development
  • Experts in IT-Governance, Risk and Compliance (IT-GRC)
  • Compliance Program Development and Management
  • Security Awareness Training (SAT)
  • Penetration and Vulnerability Assessments
  • Application Security Assessments
Exclusive distribution and support for SecureAware® in North America

Contact Details
Gary Blume
Senior Vice President
Lightwave Security
gblume@lightwavesecurity.com
T: 404.276.6192
