The design, operation, use and management of information systems are subject to statutory, regulatory and contractual security requirements. Companies have legal and fiduciary duties to comply with these requirements and to ensure that the stated criteria are met or surpassed.
The purpose of compliance is to ensure that the computational environment, users, employees, contractors and service providers comply with Corporate Security Governance and align with the ISO27001, ISO27002 (formerly ISO17799) and ISO27005 standards, COBIT, ITIL, CSA MI 52-109, SOX, Bill-198, PIPEDA, PCI-DSS, GLBA, PHIPA, HIPAA, BASEL II, NERC CIP and best practices.
Different levels of a client's organizational structure will benefit from RSS Inc. compliance solutions, which are tailored to each level.
FOR C-LEVEL EXECUTIVES
The ultimate responsibility for information security resides with the Board of Directors in its role as keeper of the governance framework. A common challenge faced by executives is understanding the changing and complex regulatory and governance requirements and their impact on the corporate business model and environment.
Security compliance is increasingly recognized by executives as the means to meet regulatory and governance demands for enterprise-wide information security. A number of existing laws, rules and regulations cite information security performance measurement as a requirement.
The outcomes of RSS Inc. security compliance assessments are presented as CMM levels tailored to C-level executives, to assist them in long-term planning.
FOR MANAGEMENT TEAMS
The client's management team can capitalize on RSS Inc.'s experience in establishing KPIs, dashboards, scorecards and other metrics required to measure enterprise-wide security implementation and compliance.
The outcomes of security compliance are presented as a combination of CMM levels and statistical data tailored to management teams. Management teams can use this information for mid-term planning and for providing ad-hoc reports to senior management.
The main offerings for management teams include:
KPIs - transform security governance into action and measure performance
Dashboards - the ability to present and summarize information in easy-to-understand graphics, with drill-down capabilities and support for the standards and regulations of the information security industry
Balanced scorecard - a concept for measuring a company's activities in terms of its vision and strategies, giving managers a comprehensive view of the performance of the business
Summary Reports - a summary description of a security event as an outcome of analysis
FOR ENTERPRISE SECURITY TEAMS
Enterprise Security Teams benefit from automated statistical data and ad-hoc generated data provided on a 'need-to' basis.
The outcomes of security compliance are presented as statistical data tailored to Enterprise Security Teams, to be used in planning the short-term remediation of security events and incidents.
The main offerings for security teams include:
Alerts - a warning or alarm of an ongoing security event or suspicious activity
Tickets - a descriptive, documented analysis of suspicious activity, together with the request
Daily Statistics - real numbers for daily events, broken down by technology, to be used in trending
Early Warning Alerts - notifications of newly found vulnerabilities (hardware and software) applicable to corporate environments
Detailed reports - a detailed description of a security event as an outcome of network