SlideShare a Scribd company logo

Online Training Information Security Management

Download as PPTX, PDF
E
easy2comply

Presentation objective is to provide an overview of our Information Security building blocks, offer insight into the look and feel of the application and Showcase how you can easily use our software.

1 of 23
Discover why 50,000 professionals have already switched to easy2comply _Information Security Management
Presentation Objective Provide an overview of our Information Security building blocks Offer insight into the look and feel of the application Showcase how you can easily use our software 2
Who is it for? Our Information Security software has been designed with the needs of the Chief Information Security Officer in mind and can be used by: Information Security Steering Committee Information Security Managers Information Technology Managers 3 No project is too big or too small It can be used by small groups (1 – 5 users) all the way up to the whole enterprise (10,000 users) Implementing our software has never been easier!
Information Security Management 4 Assets and Units Threats and Controls Assessment Security Incidents Tasks, Notifications and Messages Reports and Management Dashboards
Assets and Units 5 Assets and Units Threats and Controls Assessment Security Incidents Tasks, Notifications and Messages You can also look at your tree horizontally across the enterprise. This feature allows you to drag and drop parts of your tree into simple structures to ease reporting and comparative analysis. This is where you define your organizational tree. Our software combines a dual hierarchy: one for your assets, units and locations, and one for your information security activities and procedures. Reports and Management Dashboards
Assets and Units 6 Each item can be documented in terms of Owner, Type, Asset Value and Attachments Structure can be built with no limitation to the number of levels
Assets and Units Tasks, Notifications and Messages Reports and Management Dashboards Threats and Controls Assessment 7 Assess your Threats using one or more of the available methodologies: Impact vs. Likelihood Risk Square 2) Questionnaire Threats and Controls Assessment Security Incidents Mitigate your Threats by linking relevant controls to specific Threats. Check the controls for their level of effectiveness. Schedule the control checking process. Identify your Threats within the Asset or Unit. Document, categorize and classify the vulnerabilities. Attach any supporting evidence to the risk record.
Assessment Flow 8 Identify Assess Control ,[object Object]
Likelihood
Risk Score
Control Mapping
Auditing
Remediation
Threats
Risk Description
Vulnerabilities,[object Object]
Threat Assessment 10 Vulnerabilities needs to be mapped to the relevant Threat. Assessment performed according the CIA-based questionnaire or Impact vs. Likelihood.
Control Mapping 11 Here you can see the Threat… …together with the associated set of Controls mapped to the Threat.
Assets and Units Threat and Controls Assessment Tasks, Notifications and Messages Reports and Management Dashboards Security Incidents 12 Capture your Security Incidents and other Event Data across your Tree Security Incidents Assess the impact of the Incident and link each impact to your Threat and Control map Respond effectively to each Incident, draw relevant conclusions and allocate Actions accordingly
Incident Management 13 Record Damage Lesson Learned ,[object Object]
Total Damage
Indirect Impacts
Improvement Plan

Recommended

Incident Manager
Incident ManagerIncident Manager
Incident ManagerCraig Harris
 
Lumension Security Solutions
Lumension Security SolutionsLumension Security Solutions
Lumension Security SolutionsHassaanSahloul
 
VIM Product Description
VIM Product DescriptionVIM Product Description
VIM Product DescriptionSagren Naidoo
 
Intelligent Remote Monitoring
Intelligent Remote MonitoringIntelligent Remote Monitoring
Intelligent Remote Monitoringthesecuritygroup
 
Continuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing RiskContinuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing RiskTripwire
 
Reorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsReorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsLumension
 
Intro to sys cloud’s next generation security and compliance center
Intro to sys cloud’s next generation security and compliance centerIntro to sys cloud’s next generation security and compliance center
Intro to sys cloud’s next generation security and compliance centerSysCloud
 
Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Joseph Iannelli
 

Recommended

Incident Manager
Incident ManagerIncident Manager
Incident ManagerCraig Harris
 
Lumension Security Solutions
Lumension Security SolutionsLumension Security Solutions
Lumension Security SolutionsHassaanSahloul
 
VIM Product Description
VIM Product DescriptionVIM Product Description
VIM Product DescriptionSagren Naidoo
 
Intelligent Remote Monitoring
Intelligent Remote MonitoringIntelligent Remote Monitoring
Intelligent Remote Monitoringthesecuritygroup
 
Continuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing RiskContinuous Monitoring: Getting Past Complexity & Reducing Risk
Continuous Monitoring: Getting Past Complexity & Reducing RiskTripwire
 
Reorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsReorganizing Federal IT to Address Today's Threats
Reorganizing Federal IT to Address Today's ThreatsLumension
 
Intro to sys cloud’s next generation security and compliance center
Intro to sys cloud’s next generation security and compliance centerIntro to sys cloud’s next generation security and compliance center
Intro to sys cloud’s next generation security and compliance centerSysCloud
 
Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Viewfinity Application Control and Monitoring 2015
Viewfinity Application Control and Monitoring 2015Joseph Iannelli
 
Netcool Impact docs
Netcool Impact docsNetcool Impact docs
Netcool Impact docsHIMANSHU GOYAL
 
What goes into managed security services
What goes into managed security servicesWhat goes into managed security services
What goes into managed security servicesPhreedom Technologies
 
AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...
AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...
AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...Didier Salem
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Donald E. Hester
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox OverviewPhishingBox
 
App Showcase: Security Audit
App Showcase: Security AuditApp Showcase: Security Audit
App Showcase: Security AuditResolver Inc.
 
Major events
Major eventsMajor events
Major eventsHaystax Technology
 
CoreSecurity
CoreSecurityCoreSecurity
CoreSecurityRay Coffin
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
Axxera ci siem
Axxera ci siemAxxera ci siem
Axxera ci siemReddy Marri
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationTripwire
 
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...MOBIQUANT TECHNOLOGIES
 
Practical IT auditing
Practical IT auditingPractical IT auditing
Practical IT auditingFrederick Altum Pokoo-Aikins
 
Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...Sunbelt Business Brokers Canada
 
Online Training Solvency II
Online Training Solvency IIOnline Training Solvency II
Online Training Solvency IIeasy2comply
 
Risk Management For Manufacturing
Risk Management For ManufacturingRisk Management For Manufacturing
Risk Management For ManufacturingDick Lam
 
Webinar - Disaster in Japan: A Lesson in BCM
Webinar - Disaster in Japan: A Lesson in BCMWebinar - Disaster in Japan: A Lesson in BCM
Webinar - Disaster in Japan: A Lesson in BCMeasy2comply
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Nidhi Gupta
 
Operational Risk: Solvency II and the external factors’ analysis
Operational Risk: Solvency II and the external factors’ analysisOperational Risk: Solvency II and the external factors’ analysis
Operational Risk: Solvency II and the external factors’ analysisIgnacio Reclusa
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reportingShivaLeela Choudary
 
Operational Risk: Marketing and sales risks
Operational Risk: Marketing and sales risksOperational Risk: Marketing and sales risks
Operational Risk: Marketing and sales risksIgnacio Reclusa
 

More Related Content

What's hot

What goes into managed security services
What goes into managed security servicesWhat goes into managed security services
What goes into managed security servicesPhreedom Technologies
 
AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...
AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...
AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...Didier Salem
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Donald E. Hester
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox OverviewPhishingBox
 
App Showcase: Security Audit
App Showcase: Security AuditApp Showcase: Security Audit
App Showcase: Security AuditResolver Inc.
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationTripwire
 
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...MOBIQUANT TECHNOLOGIES
 

What's hot (14)

Netcool Impact docs
Netcool Impact docsNetcool Impact docs
Netcool Impact docs
 
What goes into managed security services
What goes into managed security servicesWhat goes into managed security services
What goes into managed security services
 
AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...
AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...
AHRQ Reporting Patient Safety challenge submission from IDinc and Shands Heal...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
PhishingBox Overview
PhishingBox OverviewPhishingBox Overview
PhishingBox Overview
 
App Showcase: Security Audit
App Showcase: Security AuditApp Showcase: Security Audit
App Showcase: Security Audit
 
Major events
Major eventsMajor events
Major events
 
CoreSecurity
CoreSecurityCoreSecurity
CoreSecurity
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in ics
 
Axxera ci siem
Axxera ci siemAxxera ci siem
Axxera ci siem
 
Achieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security AutomationAchieving Continuous Monitoring with Security Automation
Achieving Continuous Monitoring with Security Automation
 
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
Pileup Flaws: Vulnerabilities in Android Update Make All Android Devices Vuln...
 
Practical IT auditing
Practical IT auditingPractical IT auditing
Practical IT auditing
 

Viewers also liked

Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...Sunbelt Business Brokers Canada
 
Online Training Solvency II
Online Training Solvency IIOnline Training Solvency II
Online Training Solvency IIeasy2comply
 
Risk Management For Manufacturing
Risk Management For ManufacturingRisk Management For Manufacturing
Risk Management For ManufacturingDick Lam
 
Webinar - Disaster in Japan: A Lesson in BCM
Webinar - Disaster in Japan: A Lesson in BCMWebinar - Disaster in Japan: A Lesson in BCM
Webinar - Disaster in Japan: A Lesson in BCMeasy2comply
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Nidhi Gupta
 
Operational Risk: Solvency II and the external factors’ analysis
Operational Risk: Solvency II and the external factors’ analysisOperational Risk: Solvency II and the external factors’ analysis
Operational Risk: Solvency II and the external factors’ analysisIgnacio Reclusa
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reportingShivaLeela Choudary
 
Operational Risk: Marketing and sales risks
Operational Risk: Marketing and sales risksOperational Risk: Marketing and sales risks
Operational Risk: Marketing and sales risksIgnacio Reclusa
 
Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...TransWare AG
 

Viewers also liked (9)

Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...
 
Online Training Solvency II
Online Training Solvency IIOnline Training Solvency II
Online Training Solvency II
 
Risk Management For Manufacturing
Risk Management For ManufacturingRisk Management For Manufacturing
Risk Management For Manufacturing
 
Webinar - Disaster in Japan: A Lesson in BCM
Webinar - Disaster in Japan: A Lesson in BCMWebinar - Disaster in Japan: A Lesson in BCM
Webinar - Disaster in Japan: A Lesson in BCM
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013
 
Operational Risk: Solvency II and the external factors’ analysis
Operational Risk: Solvency II and the external factors’ analysisOperational Risk: Solvency II and the external factors’ analysis
Operational Risk: Solvency II and the external factors’ analysis
 
Operational risk & incident reporting
Operational risk & incident reportingOperational risk & incident reporting
Operational risk & incident reporting
 
Operational Risk: Marketing and sales risks
Operational Risk: Marketing and sales risksOperational Risk: Marketing and sales risks
Operational Risk: Marketing and sales risks
 
Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...Profiling for SAP - Compliance Management, Access Control and Segregation of ...
Profiling for SAP - Compliance Management, Access Control and Segregation of ...
 

Similar to Online Training Information Security Management

Online Training Internal Control Management
Online Training Internal Control ManagementOnline Training Internal Control Management
Online Training Internal Control Managementeasy2comply
 
Online Training Basel II
Online Training Basel IIOnline Training Basel II
Online Training Basel IIeasy2comply
 
Online Training Sarbanes-Oxley
Online Training Sarbanes-OxleyOnline Training Sarbanes-Oxley
Online Training Sarbanes-Oxleyeasy2comply
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Bossrbrockway
 
Security Awareness Report An individual assessment in the.docx
Security Awareness Report An individual assessment in the.docxSecurity Awareness Report An individual assessment in the.docx
Security Awareness Report An individual assessment in the.docxjeffreye3
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)ishan parikh production
 
User Guide for Risk Insight 1.1
User Guide for Risk Insight 1.1User Guide for Risk Insight 1.1
User Guide for Risk Insight 1.1Protect724gopi
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-SessionRyan Faircloth
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesRyan Faircloth
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Wk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docxWk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docxlefrancoishazlett
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxmccormicknadine86
 
Note This project is broken up into Windows and Mac version.pdf
Note This project is broken up into Windows and Mac version.pdfNote This project is broken up into Windows and Mac version.pdf
Note This project is broken up into Windows and Mac version.pdfsagaraccura
 
Assignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docxAssignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docxlesleyryder69361
 
Assignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docxAssignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docxlesleyryder69361
 
Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Wendy Knox Everette
 

Similar to Online Training Information Security Management (20)

Online Training Internal Control Management
Online Training Internal Control ManagementOnline Training Internal Control Management
Online Training Internal Control Management
 
Online Training Basel II
Online Training Basel IIOnline Training Basel II
Online Training Basel II
 
Online Training Sarbanes-Oxley
Online Training Sarbanes-OxleyOnline Training Sarbanes-Oxley
Online Training Sarbanes-Oxley
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Boss
 
Security Awareness Report An individual assessment in the.docx
Security Awareness Report An individual assessment in the.docxSecurity Awareness Report An individual assessment in the.docx
Security Awareness Report An individual assessment in the.docx
 
Information Serurity Risk Assessment Basics
Information Serurity Risk Assessment BasicsInformation Serurity Risk Assessment Basics
Information Serurity Risk Assessment Basics
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)case studies on risk management in IT enabled organisation(vadodara)
case studies on risk management in IT enabled organisation(vadodara)
 
User Guide for Risk Insight 1.1
User Guide for Risk Insight 1.1User Guide for Risk Insight 1.1
User Guide for Risk Insight 1.1
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
Wk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docxWk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docx
 
Threat modelling
Threat modellingThreat modelling
Threat modelling
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docx
 
Note This project is broken up into Windows and Mac version.pdf
Note This project is broken up into Windows and Mac version.pdfNote This project is broken up into Windows and Mac version.pdf
Note This project is broken up into Windows and Mac version.pdf
 
internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1
 
Assignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docxAssignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docx
 
Assignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docxAssignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docx
 
Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021Lets talk about soc2s, baby! BSidesLV 2021
Lets talk about soc2s, baby! BSidesLV 2021
 

Online Training Information Security Management

  • 1. Discover why 50,000 professionals have already switched to easy2comply _Information Security Management
  • 2. Presentation Objective Provide an overview of our Information Security building blocks Offer insight into the look and feel of the application Showcase how you can easily use our software 2
  • 3. Who is it for? Our Information Security software has been designed with the needs of the Chief Information Security Officer in mind and can be used by: Information Security Steering Committee Information Security Managers Information Technology Managers 3 No project is too big or too small It can be used by small groups (1 – 5 users) all the way up to the whole enterprise (10,000 users) Implementing our software has never been easier!
  • 4. Information Security Management 4 Assets and Units Threats and Controls Assessment Security Incidents Tasks, Notifications and Messages Reports and Management Dashboards
  • 5. Assets and Units 5 Assets and Units Threats and Controls Assessment Security Incidents Tasks, Notifications and Messages You can also look at your tree horizontally across the enterprise. This feature allows you to drag and drop parts of your tree into simple structures to ease reporting and comparative analysis. This is where you define your organizational tree. Our software combines a dual hierarchy: one for your assets, units and locations, and one for your information security activities and procedures. Reports and Management Dashboards
  • 6. Assets and Units 6 Each item can be documented in terms of Owner, Type, Asset Value and Attachments Structure can be built with no limitation to the number of levels
  • 7. Assets and Units Tasks, Notifications and Messages Reports and Management Dashboards Threats and Controls Assessment 7 Assess your Threats using one or more of the available methodologies: Impact vs. Likelihood Risk Square 2) Questionnaire Threats and Controls Assessment Security Incidents Mitigate your Threats by linking relevant controls to specific Threats. Check the controls for their level of effectiveness. Schedule the control checking process. Identify your Threats within the Asset or Unit. Document, categorize and classify the vulnerabilities. Attach any supporting evidence to the risk record.
  • 8.
  • 16.
  • 17. Threat Assessment 10 Vulnerabilities needs to be mapped to the relevant Threat. Assessment performed according the CIA-based questionnaire or Impact vs. Likelihood.
  • 18. Control Mapping 11 Here you can see the Threat… …together with the associated set of Controls mapped to the Threat.
  • 19. Assets and Units Threat and Controls Assessment Tasks, Notifications and Messages Reports and Management Dashboards Security Incidents 12 Capture your Security Incidents and other Event Data across your Tree Security Incidents Assess the impact of the Incident and link each impact to your Threat and Control map Respond effectively to each Incident, draw relevant conclusions and allocate Actions accordingly
  • 20.
  • 25. What
  • 26. When
  • 27.
  • 28. Incident Details 15 The narrative and the investigation Assign the failed Controls, investigate the event and analyze the reasons why the Controls were insufficient in preventing this from happening
  • 29. Tasks, Notifications and Messages 16 Assets and Units Create and follow up on Actions: 1. Link Actions to your Control 2. Each Action has an Owner and a Due Date for follow up 3. New Messaging feature Define your own Alerts (for example): 1. Missed Due Dates 2. Approaching audits 3. Changes to your data Threats and Controls Assessment Security Incidents Tasks, Notifications and Messages Reports and Management Dashboards Notifications are sent directly to your email inbox with a link taking you to the software
  • 30. Tasks Management 17 All Actions and Tasks are listed under the Organization’s Action Plan. Actions are listed according to status, owner and due date An individual action can contain multiple sub-tasks, each allocated to a different owner with a different due date
  • 31. Notifications and Messages 18 Software comes with the ability to generate reminders, alerts and notifications regarding Action Plan due dates and scheduled control tests. These notifications are delivered directly into the user’s email
  • 32. Reports and Dashboards 19 Management Dashboards are colorful and interactive charts generated by our powerful charting engine Assets and Units Built-in Reports are pre-defined report templates that can be generated and exported to multiple file formats Threats and Controls Assessment Security Incidents Excel Reports are templates created by the User that define precisely the data wanted to be seen Tasks, Notifications and Messages Reports and Management Dashboards
  • 35. Information Security Management 22 Assets and Units Threats and Controls Assessment Security Incidents Tasks, Notifications and Messages Reports and Management Dashboards