Online Training Information Security Management

619 views

Published on

Presentation objective is to provide an overview of our Information Security building blocks, offer insight into the look and feel of the application and Showcase how you can easily use our software.

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
619
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
23
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Online Training Information Security Management

  1. 1. Discover why 50,000 professionals have already switched to easy2comply<br />_Information Security Management<br />
  2. 2. Presentation Objective<br />Provide an overview of our Information Security building blocks<br />Offer insight into the look and feel of the application<br />Showcase how you can easily use our software<br />2<br />
  3. 3. Who is it for?<br />Our Information Security software has been designed with the needs of the Chief Information Security Officer in mind and can be used by:<br />Information Security Steering Committee<br />Information Security Managers<br />Information Technology Managers<br />3<br />No project is too big or too small<br />It can be used by small groups (1 – 5 users) all the way up to the whole enterprise (10,000 users)<br />Implementing our software has never been easier!<br />
  4. 4. Information Security Management<br />4<br />Assets and Units<br />Threats and Controls Assessment<br />Security Incidents<br />Tasks, Notifications and Messages<br />Reports and Management Dashboards<br />
  5. 5. Assets and Units<br />5<br />Assets and Units<br />Threats and Controls Assessment<br />Security Incidents<br />Tasks, Notifications and Messages<br />You can also look at your tree horizontally across the enterprise. This feature allows you to drag and drop parts of your tree into simple structures to ease reporting and comparative analysis.<br />This is where you define your organizational tree. Our software combines a dual hierarchy: one for your assets, units and locations, and one for your information security activities and procedures.<br />Reports and Management Dashboards<br />
  6. 6. Assets and Units<br />6<br />Each item can be documented in terms of Owner, Type, Asset Value and Attachments<br />Structure can be built with no limitation to the number of levels<br />
  7. 7. Assets and Units<br />Tasks, Notifications and Messages<br />Reports and Management Dashboards<br />Threats and Controls Assessment<br />7<br />Assess your Threats using one or more of the available methodologies:<br />Impact vs. Likelihood Risk Square<br />2) Questionnaire<br />Threats and Controls Assessment<br />Security Incidents<br />Mitigate your Threats by linking relevant controls to specific Threats.<br />Check the controls for their level of effectiveness.<br />Schedule the control checking process.<br />Identify your Threats within the Asset or Unit.<br />Document, categorize and classify the vulnerabilities.<br />Attach any supporting evidence to the risk record.<br />
  8. 8. Assessment Flow<br />8<br />Identify<br />Assess<br />Control<br /><ul><li>Impact
  9. 9. Likelihood
  10. 10. Risk Score
  11. 11. Control Mapping
  12. 12. Auditing
  13. 13. Remediation
  14. 14. Threats
  15. 15. Risk Description
  16. 16. Vulnerabilities</li></li></ul><li>Threat Identification<br />9<br />Identify and assess all of the relevant Threats<br />
  17. 17. Threat Assessment<br />10<br />Vulnerabilities needs to be mapped to the relevant Threat.<br />Assessment performed according the CIA-based questionnaire or Impact vs. Likelihood.<br />
  18. 18. Control Mapping<br />11<br />Here you can see the Threat…<br />…together with the associated set of Controls mapped to the Threat.<br />
  19. 19. Assets and Units<br />Threat and Controls Assessment<br />Tasks, Notifications and Messages<br />Reports and Management Dashboards<br />Security Incidents<br />12<br />Capture your Security Incidents and other Event Data across your Tree<br />Security Incidents<br />Assess the impact of the Incident and link each impact to your Threat and Control map<br />Respond effectively to each Incident, draw relevant conclusions and allocate Actions accordingly<br />
  20. 20. Incident Management<br />13<br />Record<br />Damage<br />Lesson Learned<br /><ul><li>Multiple Impacts
  21. 21. Total Damage
  22. 22. Indirect Impacts
  23. 23. Improvement Plan
  24. 24. Controls
  25. 25. What
  26. 26. When
  27. 27. Where</li></li></ul><li>Incidents<br />14<br />
  28. 28. Incident Details<br />15<br />The narrative and the investigation<br />Assign the failed Controls, investigate the event and analyze the reasons why the Controls were insufficient in preventing this from happening<br />
  29. 29. Tasks, Notifications and Messages<br />16<br />Assets and Units<br />Create and follow up on Actions:<br />1. Link Actions to your Control<br />2. Each Action has an Owner and a Due Date for follow up<br />3. New Messaging feature<br />Define your own Alerts (for example):<br />1. Missed Due Dates<br />2. Approaching audits<br />3. Changes to your data<br />Threats and Controls Assessment<br />Security Incidents<br />Tasks, Notifications and Messages<br />Reports and Management Dashboards<br />Notifications are sent directly to your email inbox with a link taking you to the software<br />
  30. 30. Tasks Management<br />17<br />All Actions and Tasks are listed under the Organization’s Action Plan. Actions are listed according to status, owner and due date<br />An individual action can contain multiple sub-tasks, each allocated to a different owner with a different due date<br />
  31. 31. Notifications and Messages<br />18<br />Software comes with the ability to generate reminders, alerts and notifications regarding Action Plan due dates and scheduled control tests. <br />These notifications are delivered directly into the user’s email<br />
  32. 32. Reports and Dashboards<br />19<br />Management Dashboards are colorful and interactive charts generated by our powerful charting engine<br />Assets and Units<br />Built-in Reports are pre-defined report templates that can be generated and exported to multiple file formats<br />Threats and Controls Assessment<br />Security Incidents<br />Excel Reports are templates created by the User that define precisely the data wanted to be seen<br />Tasks, Notifications and Messages<br />Reports and Management Dashboards<br />
  33. 33. Built-in Reports<br />20<br />
  34. 34. Dashboards<br />21<br />
  35. 35. Information Security Management<br />22<br />Assets and Units<br />Threats and Controls Assessment<br />Security Incidents<br />Tasks, Notifications and Messages<br />Reports and Management Dashboards<br />
  36. 36. Thank You<br />www.easy2comply.com<br />

×