What is SeCube GRC?
SeCube GRC is a security, risk, compliance, audit, and business continuity management software that can be modularly integrated in a single framework. Its purpose is to provide the integrated support of the security-related analysis, design, and maintenance processes in the company’s various divisions, thus creating a solution for the transparent and reportable management of security in the entire company.
What solution does SeCube provide?
The SeCube GRC system can be used to develop your company’s operating model (resources, systems, data, processes), to evaluate operations along the lines of business impact analyses, to use risk analyses (information security, physical, human, and business) to manage risks, to plan IT and business continuity, and to manage internal audit and compliance analyses in a single modular system.
Who is SeCube meant for?
SeCube’s target users include IT operations, the parties responsible for security and business processes, and the experts and managers in the fields of internal control and compliance. SeCube can safely manage the security-related activities involving the entirety of users in various professional fields.
SeCube GRC can be operated independently, allowing for the support of flexible use cases.
Inventory: The resources recorded in the SeCube configuration database can be grouped in a hierarchical order, with relations specified, and the company’s operating model can also be defined. The database, among others, also enables the company’s organizational structure, site structure, technological and human resources, systems, services, data asset description, data processing activities, and business processes to be recorded, together with the visualization of their interrelations and connections and the modelling of their operational interdependability.
Governance: Besides the analysis and planning functions, the software is explicitly aimed at the permanent supervision and maintenance of the security management system. Continuous validation monitoring functions support the provision of up-to-date results and advanced task management functions are used to support the tracking of responsibilities and tasks. The module also includes a BIA (Business Impact Analysis) function.
Risk management: The risk analysis connects the vulnerabilities and protective measures of the data assets with the threats. Cause-and-effect simulations are available to analyze the consequences of these threats, should they occur, and any resulting business damages. The different types (CIA information security, human, physical, business, operation, ad hoc, project-based) of risk analyses in a number of different areas can be run concurrently, the results of which can be managed in a uniform approach in the interest of implementing and supporting integrated comprehensive enterprise risk management (ERM). Risk management and reporting functions support the continuous maintenance, supervision and management of the company’s risk-proportionate protection.
Compliance & Audit: Regular compliance tests and audits can be carried out as per the various pre-defined international standards, security recommendations and legislation. At the same time, audit/requirement notes can also be compiled (e.g. security regulations, parent company requirements, internal audit requirements). The different compliance/audit analyses can even be used concurrently, and deficiencies can be managed with the use of integrated action plans with the possibility to generate detailed or even time machine reports.
Business continuity and IT recovery management: The BCM module is capable of handling both business continuity and technological recovery planning in a unified manner along the lines of shared restore target times (RTO, MTPD, RPO). Business continuity planning (BCP) can be used to provide replacement or workaround solutions to avoid the downtime of resources that support business processes (either technological, human, or facility-related). Detailed recovery and bridge plans can be carried out for technological resources, systems, and services in the course of disaster recovery (DRP) and service continuity management (SCM) planning. A flexibly developable scenario and planning system supported with draft board-like functions can be created, which is continuously kept up to date using change management, review, and testing functions, along with detailed plans that can be exported in Word format and a test report. The tasks of the preparatory period (review, testing, saving, etc.) become part of the management system. In case of an emergency, simulation tests help in the correct application of the plans.
Major use cases of SeCube GRC
ISO9001 QM: The software supports the standard with process inventorying, internal audit support, and business risk analysis, and it also provides the opportunity for integrated management with the ISO27001 standard.
GDPR: The data protection focused functions support the keeping of data processing activity, personal data, and incident records and the implementation of data protection compliance assessments and risk analyses (DPIA).
ISMS: The fundamental goal of SeCube GRC is to create and maintain an Information Security Management System (ISMS) for an organization and to provide integrated support to its asset components, the control environment, the audits thereof, and RISK and BCM activities.
Business Continuity Management: One of the aims of the BCM module is to support the entire business continuity lifecycle during planning / preparation / testing and in case of emergency applications. With the use of the software, the creation of BC plans that can be flexibly developed and the maintenance of applicability becomes a living company process.
Business Impact Analysis: Organizational surveys can be made pertaining to the material and immaterial damages resulting from possible threats to business processes / data / systems. Based on the impact analyses, resources can be grouped into CIA categories, and support can be provided to risk analysis and business continuity management planning tasks.
RISK – ERM
Enterprise Risk Management: The RISK module supports CIA information security risk analysis and even the concurrent execution of other physical, human, business, and risk analyses, the results of which are continuously managed in an integrated manner to implement the entire, single enterprise risk management process.
Audit & Compliance
Compliance: The express aim of the Compliance module is to provide support to audit-type activities. More than 40 Hungarian and international requirement collections and assessments pertaining to customizable audit packages (e.g. ICR) can be run, even concurrently. The deficiencies that are left out in the course of the assessments are placed in a finding management function, and the implementation of corrective measures can be continuously monitored, supplemented with detailed compliance reports.
DRP- ITSCM: We recommend the BCM module for Operation Managers, which allows system responsible persons to plan their recovery plans on interactive surfaces with the support of preparatory and testing tasks. With the use of the software, the creation of IT DR plans and the maintenance of applicability becomes a living IT operations process, including the generation of Word documents as necessary.
The integrated management of company security
One company, one security management solution
Uniform and integrated methods and records, the integrated support of the large variety of the results of security areas and processes and of cooperation, ensuring consistent and current results (reports, plans).
Resources, services, data asset, business processes needed for organizational operation, and a comprehensible structure defining their relation. Risk, BCM, and Compliance management in a unified system, with the development and maintenance of risk-proportionate protection.
Wiping out one-off result products
The risk analysis report, BCP, DRP, GDPR, and compliance reports are no longer one-off results. Instead, they are processes that can be easily maintained with the effective use of inputs that offer up-to-date reports that can be generated as required. This results in a reduction in human resource requirements.
The tasks previously implemented to maintain compliance can, in addition to merely ensuring compliance, become actual security management processes and results with auditable and reproducible results.
Creation of a common language for business areas and internal service providers, such as between IT and security. Reducing key-person dependency, common knowledge base. Support of security decisions and security management resource and cost optimization.
REFERENCES BY INDUSTRY
The planned management of security is an important need in all sectors; accordingly, the SeCube GRC solution we offer has a wide range of industry, government, and market references.
IT services: 4
Water management: 2
Law enforcement: 2
“In the Master's program in Cyber Security at the University of public services Hungary, KÜRT experts teach risk analysis using their SeCube GRC system. In the lectures, students will learn about the methodology and functions of SeCube risk management and the placement of these activities in an enterprise information security GRC system. And during the practical training they can try to apply all this. In the SeCube system, students can perform risk analysis tasks on an imaginary company.”
Dr. Krasznay Csaba – associate professor
“One of the biggest benefits of using SeCube is that its risk assessment not only examines the availability of resources that directly generate business data, but also the interplay between all the processes involved in generating the data and the components that support their operation. This allows us to manage risk with amazing depth.”
“For years, we have been using our SeCube application to maintain our ISO 27001-certified security management system, which allows us to manage our information security responsibilities, business continuity and risk management activities in a unified, transparent manner. What’s more, with the help of SeCube, we can also perform tasks required by the Hungarian Information Security Act.”
Hegedűs Zoltán – CISA, CISM, CRISC
“TalentWorldGroup is proud to work as a partner with KÜRT Zrt. in many areas of IT security, including international data security, cyber security, GDPR compliance, incident management and business continuity management. Their modular GRC system, SeCube, enables the transparency and controllability of our organization’s Information Security Management System (ISMS). In the case of all our new customers, all our processes are audited in detail, which, thanks to our cooperation with KÜRT Plc. - and since the implementation of their SeCube software - our company goes through the audit like a hot knife. We thank the KÜRT team for their attention to detail, professional and friendly customer service, trainings and a world-class solution!”
Andrew Harmati, CEO – TalentWorldGroup Plc.