Structure of SeCube
SeCube IT GRC is a software system made up of components that fit modularly into a single framework. The system is driven by workflows and supports analysis and planning activities as well as maintenance, which enables the organization’s information security management system (ISMS) to be developed and to be transparent and controllable.
The SeCube framework supports multi-level control
- You can create so-called Projects. A project is an independent working unit, which can represent a company, for instance.
- The business functionality of SeCube is covered by separate software components called modules. Modules can be activated in the projects. Modules can function on their own, and each has its own workflow and resulting products. When modules are used together, they use each other’s data in an integrated and transparent manner.
- The workflow system helps the user carry out the analysis and design steps of individual modules, and enables the user to work in workflow steps. Each workflow step has its own advanced validation check, which keeps the end results consistent at all times.
The self-contained modular structure enables the use of a partial license configuration containing only the selected modules needed to meet current business needs, according to the current objectives of the Client.
Current modules of the SeCube IT GRC v3 framework
All relevant resources needed for the functioning of the organization can be organized into a hierarchy with relationships, thus modeling the normal operation of the company.
- GDPR module
Data protection processes and personal data register. GDPR gap analyses and Data Protection Impact Assessment with privacy risk treatment functions.
- BIA module
Potential damage resulting from malfunctioning business activities, IT systems or data loss can be assessed using a business impact analysis; consequently, the value of Inventory resources can be defined.
- Risk management module
Risks can be analyzed and managed via detailed risk analysis steps.
- Compliance module
Assessment of compliance with standards, regulations and optional requirement lists and management of findings.
- BCM module
Full support of IT and business recovery planning and continuity management.
- Governance module
Support of general information security tasks.
Short version history of SeCube
- The purpose of the first main version (~2011) was to provide internal support for the client projects of the Kürt information security consultancy company; therefore, uniquely flexible customizability has been a priority requirement of the software from the beginning.
- The second main version (~2013) was aimed at creating software for Clients that enables them to carry out analysis and planning tasks independently using workflow steps and to produce results (risk analysis, IT and business continuity planning).
- The objective of the third main version (~2015) was to develop IT GRC software that is complete in terms of functionality, which not only supports analysis and planning tasks effectively, but also puts special emphasis on maintaining results and on change management, and hence supports the continuous control of information security.