Challenges and answers
Govern your information security
- Integrated support and management of extensive information security processes.
- Resources, services, data assets and business processes needed for organizational operation, and a comprehensible structure defining their relations.
- Risk analysis and risk management, BCP and DRP planning as well as IT audit in one single system, thus providing real potential for the development and maintenance of risk-proportionate security.
- Investment and development decision support, IT resource and cost optimization, underpinned by risk and compliance needs.
Wiping out one-off deliverables
- Risk analysis reports, DR and BC plans or compliance reports are no longer one-off results. Instead, they are up-to-date reports ready to be generated at the press of a button, offering cost-efficient and streamlined maintenance.
- Workflow steps in modules are complemented by extensive validation and consistency testing functions, thus supporting the correctness and currency of deliverables.
- The time and human resource demands of the analysis and planning procedures, and in particular those of maintenance tasks, are significantly reduced.
Legislation and standard compliance
- Results ready to be audited or reproduced.
- Achieve compliance with information security legislation (e.g. HIPAA) and international standards (ISO, NIST etc.), and maintain it cost-efficiently.
- Specific support for obtaining and maintaining ISO/IEC 27001 certification.
- Specific support for compliance with the Act on Information Security (Hungary) by the classification of information systems, the assessment of the actually achieved grade, reporting and action plan compilation, accompanied by the continuous maintenance of the above.
- Support for compliance with information technology requirements concerning financial institutions.
- Support for meeting legislative requirements for critical infrastructures.
Controlled group-work and change tracking
- Multi-user working environment; support for the controlled cooperation of several organizations and groups, ensuring compatible outputs.
- Creation of a common language for business areas and internal service providers (e.g. IT).
- Mitigation of key-person dependency, common knowledge base.
- Customizable role-based access rights management.
Developed analytical algorithms
- In addition to simple, user-friendly administrative functions, advanced analytical functions facilitate analysis, deduction and decision-making.
- Incident simulation abilities, the mapping of sensitive points and single points of failure (SPoF) in the operation model.
- Dependency graph analysis and visualization abilities; the spread of threats among system components and the business impacts of those threats are visualized and available for follow-up and analysis.
- Threat and vulnerability data based on international standards, best practices and KÜRT project experiences, accompanied by successful methodologies applied in a high number of projects.
- Extensive data import and/or export capabilities, on-line MS Excel interface.
- Capable of carrying out full-scope corporate risk analysis and risk analysis for ad hoc decision-making processes at the same time.