Enterprise tool based
Consultation & Implementation
GRC - Governance Risk and Compliance
Governance, Risk, and Compliance Management
Governance, Risk Management, and Compliance (GRC) are three pillars that work together to assure that an organization meets its objectives; each is defined in detail below. Governance is the combination of processes established and executed by the board of directors, reflected in the organization's structure and in how it is managed and led toward achieving its goals. Risk management is predicting and managing the risks that could hinder the organization from achieving its objectives. Compliance means adhering to the company's policies and procedures as well as to applicable laws and regulations. Together with strong and efficient governance, it is considered key to an organization's success.
ITSM - Information Technology Service Management
IT Service Management (ITSM)
IT Service Management (ITSM) is a process-based approach to aligning the delivery of information technology (IT) services with business goals.
IT Service Management is a strategic approach to designing, delivering, managing and improving the way information technology (IT) is used within an organization. The goal of IT Service Management is to ensure that the right processes, people and technology are in place so that the organization can meet its business goals. The term IT Service Management is often associated with ITIL (Information Technology Infrastructure Library), a framework that provides best practices for aligning IT with business needs.
DLP - Data Loss Prevention
DLP
Data loss prevention (DLP) is an important concern for enterprise messaging systems because of the extensive use of email for business-critical communication that includes sensitive data. DLP features make it possible to enforce compliance requirements for such data and to manage its use in email without hindering the productivity of workers.
A data loss/leak prevention solution is a system designed to detect potential data breach or data exfiltration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic) and at rest (data storage). In a data leakage incident, sensitive data is disclosed to unauthorized personnel, either through malicious intent or by inadvertent mistake. Such sensitive data can take the form of private or company information, intellectual property (IP), financial or patient information, credit-card data and other information, depending on the business and the industry.
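As an added illustration of the content-inspection step that a DLP gateway applies to data in motion (this is example code written for this page, not code from any DLP product): the block below scans an outbound message body for card numbers, uses the Luhn check to discard most random digit runs such as order numbers, and then returns the policy action. The sample messages, the `allow_internal` policy flag and the action names are constructed assumptions; 4111 1111 1111 1111 is a well-known test number, not a real card.

```python
import re

# Candidate primary account number (PAN): 13-19 digits, optionally separated by
# single spaces or dashes, and not adjacent to other digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check: every real card number passes it, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid candidates found in text, separators removed."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            pans.append(digits)
    return pans


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, as a receipt does."""
    return "*" * (len(digits) - 4) + digits[-4:]


def redact(text: str) -> str:
    """Mask only the Luhn-valid candidates; unrelated digit runs stay untouched."""
    def _sub(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return PAN_CANDIDATE.sub(_sub, text)


def inspect_message(body: str, allow_internal: bool = False) -> dict:
    """Policy decision for one outbound message (the policy itself is hypothetical).

    'allow'  - no PAN present, deliver unchanged
    'block'  - PANs would leave the organisation, do not deliver
    'redact' - policy permits an internal copy with the numbers masked
    """
    pans = find_pans(body)
    if not pans:
        return {"action": "allow", "pans": 0, "body": body}
    if allow_internal:
        return {"action": "redact", "pans": len(pans), "body": redact(body)}
    return {"action": "block", "pans": len(pans), "body": None}


# Constructed sample messages, not taken from any real mail flow.
SAMPLES = [
    "Hi, please charge card 4111 1111 1111 1111 exp 12/27 for order 1234567812345678.",
    "Order 1234567812345678 shipped; tracking 9400 1000 0000 0000 0000 00.",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(inspect_message(s, allow_internal=True))
```

The Luhn check removes most false positives but not all; production engines add issuer-prefix (BIN) tables, nearby keywords such as "card" or "CVV", and document fingerprinting, and they must decode attachments and archives before this kind of pattern matching can see the content at all.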
BI - Business Intelligence
BI
Business intelligence (BI) is a technology-driven process for analysing data and presenting actionable information to help corporate executives, business managers and other end users make more informed business decisions. BI encompasses a variety of tools, applications and methodologies that enable organizations to collect data from internal systems and external sources, prepare it for analysis, develop and run queries against the data, and create reports, dashboards and data visualizations to make the analytical results available to corporate decision makers as well as operational workers.
IT Governance
IT Governance
Information and technology (IT) governance is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management. The interest in IT governance is due to the on-going need within organizations to focus value creation efforts on an organization’s strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It has evolved from The Principles of Scientific Management, Total Quality Management and ISO 9001 Quality management system.
ERM - Enterprise Risk Management
ERM
Enterprise Risk Management (“ERM”) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.
Payment Card Industry
PCI
The payment card industry consists of all the organizations that store, process and transmit cardholder data, most notably for debit cards and credit cards. Its security standards are developed by the Payment Card Industry Security Standards Council, which maintains the Payment Card Industry Data Security Standard (PCI DSS) used throughout the industry. Individual card brands establish compliance requirements that apply to service providers and run their own compliance programs. Major card brands include American Express, Discover Financial Services, Japan Credit Bureau, MasterCard Worldwide and Visa International. Most companies use member banks that connect to and accept transactions from the card brands. Not all card brands use member banks; American Express, for example, acts as its own bank.
BC - Business Continuity
BC
It is about building and improving resilience in your business: identifying your key products and services and the most urgent activities that underpin them and then, once that analysis is complete, devising plans and strategies that will enable you to continue your business operations and to recover quickly and effectively from any type of disruption, whatever its size or cause. It gives you a solid framework to lean on in times of crisis and provides stability and security. Embedding BC into your business also brings benefits outside of a crisis.
Business Continuity Management (BCM) is defined as a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (Source: ISO 22301:2012)
DR - Disaster Recovery
DR
Disaster recovery is the way an organization prepares for, and recovers from, a disaster. It is an arrangement agreed upon in advance by management and key personnel of the steps that will be taken to help the organization recover should any type of disaster occur. These programs prepare for multiple kinds of problems. Detailed plans are created that clearly outline the actions that an organization, or particular members of it, will take to recover or restore any of its critical operations that have been completely or partially interrupted during or after a disaster or other extended loss of access to operational functions, within a specified period of time. To be fully effective, these plans should be regularly practiced as well as documented.
Business Impact Analysis
BIA
A business impact analysis (BIA) predicts the consequences of the disruption of business functions and processes and gathers the information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment. Operations may also be interrupted by the failure of a supplier of goods or services or by delayed deliveries. There are many possible scenarios that should be considered.
It is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency. A BIA is an essential component of an organization's business continuity plan; it includes an exploratory component to reveal any vulnerabilities and a planning component to develop strategies for minimizing risk.
Security Information and Event Management
SIEM
The underlying principle of a SIEM system is that relevant data about an enterprise’s security is produced in multiple locations and being able to look at all the data from a single point of view makes it easier to spot trends and see patterns that are out of the ordinary. SIEM combines SIM (security information management) and SEM (security event management) functions into one security management system.
A SIEM system centralizes the storage and interpretation of logs and allows near-real-time analysis, which enables security personnel to take defensive action more quickly. A SIM system collects data into a central repository for trend analysis and provides automated reporting for compliance and centralized reporting. By bringing these two functions together, SIEM systems provide quicker identification and analysis of, and recovery from, security events. They also allow compliance managers to confirm that they are fulfilling the organization's legal compliance requirements.
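The paragraphs above describe the SIEM principle (one schema, one view over logs from several sources, patterns that only appear when the sources are seen together). The block below is an added example written for this page, not code from any SIEM product: it normalizes constructed SSH and firewall log lines into one event schema, then runs two correlation rules, a burst of failed logins followed by a success from the same address, and an outbound connection from the freshly logged-into host shortly afterwards. The log lines, the `ASSETS` host-to-address map, the log formats and the thresholds are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines from two sources (an SSH server and a perimeter
# firewall); the firewall format is a simplified syslog style, not a real product's.
SAMPLE_LOGS = """\
Jan 10 10:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.5 port 51230 ssh2
Jan 10 10:00:04 web1 sshd[2002]: Failed password for root from 203.0.113.5 port 51231 ssh2
Jan 10 10:00:07 web1 sshd[2003]: Failed password for root from 203.0.113.5 port 51232 ssh2
Jan 10 10:00:09 web1 sshd[2004]: Failed password for admin from 203.0.113.5 port 51233 ssh2
Jan 10 10:00:12 web1 sshd[2005]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 10:00:15 web1 sshd[2006]: Accepted password for root from 203.0.113.5 port 51235 ssh2
Jan 10 10:00:20 web1 sshd[2007]: Accepted password for alice from 10.0.0.50 port 40001 ssh2
Jan 10 10:01:05 fw1 kernel: OUTBOUND ACCEPT SRC=10.0.0.12 DST=198.51.100.7 DPT=4444
Jan 10 10:30:00 fw1 kernel: OUTBOUND ACCEPT SRC=10.0.0.12 DST=198.51.100.9 DPT=443
""".splitlines()

# Hypothetical asset inventory: hostname -> address, the glue between the two sources.
ASSETS = {"web1": "10.0.0.12"}

SSH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)")
FW_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: OUTBOUND ACCEPT "
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) DPT=(?P<dport>\d+)")


def _ts(text: str, year: int = 2024) -> datetime:
    # syslog timestamps carry no year; assume one so events from both sources compare.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def normalize(lines) -> list:
    """Map heterogeneous log lines onto one event schema, ordered by time."""
    events = []
    for line in lines:
        m = SSH_RE.match(line)
        if m:
            events.append({"ts": _ts(m["ts"]), "source": "sshd", "host": m["host"],
                           "ip": m["ip"], "user": m["user"],
                           "event": "auth_fail" if m["result"] == "Failed" else "auth_ok"})
            continue
        m = FW_RE.match(line)
        if m:
            events.append({"ts": _ts(m["ts"]), "source": "firewall", "host": m["host"],
                           "ip": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
                           "event": "egress"})
    return sorted(events, key=lambda e: e["ts"])


def detect(events, assets=ASSETS, threshold=5, fail_window=60, egress_window=120) -> list:
    """Two correlation rules over the unified stream; thresholds are assumptions."""
    alerts = []
    failures = {}      # source ip -> timestamps of failed logins (any username)
    suspicious = {}    # host -> time of a login that followed a failure burst
    for e in events:
        if e["event"] == "auth_fail":
            failures.setdefault(e["ip"], []).append(e["ts"])
        elif e["event"] == "auth_ok":
            recent = [t for t in failures.get(e["ip"], [])
                      if e["ts"] - t <= timedelta(seconds=fail_window)]
            if len(recent) >= threshold:
                alerts.append({"rule": "ssh_bruteforce_then_success", "ip": e["ip"],
                               "host": e["host"], "user": e["user"],
                               "failures": len(recent), "ts": e["ts"]})
                suspicious[e["host"]] = e["ts"]
        elif e["event"] == "egress":
            # Only meaningful because the firewall's SRC can be tied back to the SSH host.
            for host, t in suspicious.items():
                if assets.get(host) == e["ip"] and \
                        timedelta(0) <= e["ts"] - t <= timedelta(seconds=egress_window):
                    alerts.append({"rule": "egress_after_suspicious_login", "host": host,
                                   "dst": e["dst"], "dport": e["dport"], "ts": e["ts"]})
    return alerts


def run(lines=SAMPLE_LOGS) -> list:
    return detect(normalize(lines))


if __name__ == "__main__":
    for a in run():
        print(a)
```

Neither source alone tells the whole story: sshd sees five failures then a success, which is suspicious; the firewall sees an outbound connection to port 4444, which is merely odd. Joined through the asset inventory, they become one incident, and the second egress half an hour later correctly falls outside the window.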
Identity and Access Management
IAM
IAM technology can be used to initiate, capture, record and manage user identities and their related access permissions in an automated fashion. This ensures that access privileges are granted according to one interpretation of policy and all individuals and services are properly authenticated, authorized and audited. IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. It is increasingly business-aligned, and it requires business skills, not just technical expertise.
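The key property in the paragraph above is that every access decision follows one interpretation of policy and is audited. The block below is an added example written for this page, not code from any IAM product: a small policy decision point with role inheritance, deny by default, service identities alongside users, and an audit record for every decision. The role hierarchy, grants, principals and the `demo` scenario are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical role hierarchy: a role inherits every grant of its parents.
ROLE_PARENTS = {
    "admin": ["engineer"],
    "engineer": ["employee"],
    "employee": [],
    "ci-service": [],        # a service identity with its own narrow role
}

# Hypothetical grants: (action, resource) pairs per role.
ROLE_GRANTS = {
    "employee": {("read", "wiki")},
    "engineer": {("read", "repo"), ("write", "repo")},
    "admin": {("delete", "repo"), ("write", "iam")},
    "ci-service": {("read", "repo"), ("write", "artifacts")},
}


@dataclass
class Principal:
    name: str
    kind: str                # "user" or "service"
    roles: list
    authenticated: bool = False


def expand_roles(roles, parents=ROLE_PARENTS) -> set:
    """Walk the hierarchy once, tolerating cycles, to collect all inherited roles."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(parents.get(role, []))
    return seen


def effective_permissions(roles, grants=ROLE_GRANTS) -> set:
    perms = set()
    for role in expand_roles(roles):
        perms |= grants.get(role, set())
    return perms


def authorize(principal: Principal, action: str, resource: str, audit: list) -> bool:
    """Single policy decision point: deny by default, every decision written to the audit trail."""
    if not principal.authenticated:
        allowed, reason = False, "unauthenticated"
    elif (action, resource) in effective_permissions(principal.roles):
        allowed, reason = True, "granted by role"
    else:
        allowed, reason = False, "no matching grant"
    audit.append({
        "at": datetime.now(timezone.utc).isoformat(),
        "principal": principal.name, "kind": principal.kind,
        "action": action, "resource": resource,
        "decision": "allow" if allowed else "deny", "reason": reason,
    })
    return allowed


def demo():
    """Hypothetical principals exercising the decision point; returns decisions and the audit trail."""
    audit = []
    alice = Principal("alice", "user", ["admin"], authenticated=True)
    bob = Principal("bob", "user", ["engineer"], authenticated=True)
    ci = Principal("build-bot", "service", ["ci-service"], authenticated=True)
    mallory = Principal("mallory", "user", ["admin"], authenticated=False)
    results = {
        "alice_reads_wiki": authorize(alice, "read", "wiki", audit),      # inherited via engineer -> employee
        "bob_deletes_repo": authorize(bob, "delete", "repo", audit),      # admin-only grant
        "ci_reads_wiki": authorize(ci, "read", "wiki", audit),            # service role has no employee grants
        "mallory_writes_iam": authorize(mallory, "write", "iam", audit),  # right role, not authenticated
    }
    return results, audit


if __name__ == "__main__":
    decisions, trail = demo()
    print(decisions)
    for entry in trail:
        print(entry)
```

Keeping authentication, authorization and auditing in one function is what gives the "one interpretation of policy" the paragraph refers to; applications that re-implement the check locally tend to drift, and denied attempts recorded in the trail are often the first sign of a compromised or over-privileged identity.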
Asset Management
AM
ISO 55000 defines asset management as the "coordinated activity of an organization to realize value from assets". In turn, assets are defined as follows: "An asset is an item, thing or entity that has potential or actual value to an organization". This is deliberately wider than physical assets, but these form an important focus for most organizations.
(NB there are important qualifying Notes to these definitions, which are set out in ISO 55000). Asset Management involves the balancing of costs, opportunities and risks against the desired performance of assets, to achieve the organizational objectives. This balancing might need to be considered over different timeframes. Asset management also enables an organization to examine the need for, and performance of, assets and asset systems at different levels. Additionally, it enables the application of analytical approaches towards managing an asset over the different stages of its life cycle (which can start with the conception of the need for the asset, through to its disposal, and includes the managing of any potential post disposal liabilities).
Unified Threat Management
UTM
Unified threat management (UTM) is an approach to security management that allows an administrator to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console.
The worldwide UTM market was approximately worth $1.2 billion in 2007, with a forecast of 35-40% compounded annual growth rate through 2011. The primary market of UTM providers is the SMB and enterprise segments, although a few providers are now providing UTM solutions for small offices/remote offices.
The term UTM was originally coined by the market research firm IDC. The advantage of unified security is that, rather than administering multiple systems that individually handle antivirus, content filtering, intrusion prevention and spam filtering, organizations can deploy a single rack-mountable UTM appliance that consolidates all of that functionality.
Enterprise backup
EP
Many of the features in today's server backup software exist to make the administrator's job easier. For help backing up your servers easily, consider one of our top recommendations; all three provide excellent scalability options.
You’ve built your data centre and need to protect it. You’ve standardized on your servers, storage, and virtualization environment. You don’t need more hardware; instead, you need adaptable and agile backup software that will execute within your existing capital infrastructure.
Endpoint Security
ES
Endpoint security is an approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted. Endpoints can include PCs, laptops, smart phones, tablets and specialized equipment such as bar code readers or point of sale (POS) terminals.
Endpoint security systems work on a client/server model in which a centrally managed server or gateway hosts the security program and an accompanying client program is installed on each network device. When a client attempts to log onto the network, the server program validates user credentials and scans the device to make sure that it complies with defined corporate security policies before allowing access to the network. Required elements may include an approved operating system, a VPN client and anti-virus software with current updates. Devices that do not comply with policy are given limited access or quarantined on a virtual LAN (VLAN).
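The paragraph above describes the posture check that runs before network access is granted. The block below is an added example written for this page, not code from any endpoint security or NAC product: it evaluates a device's self-reported posture against a policy (approved operating system version, anti-virus present with fresh signatures, VPN client, disk encryption) and maps the findings onto full access, a limited remediation VLAN or a quarantine VLAN. The posture schema, the policy values, the VLAN numbers and the sample devices are all hypothetical.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class Posture:
    """What the endpoint agent reports about the device (hypothetical schema)."""
    hostname: str
    os_name: str
    os_version: str
    av_installed: bool
    av_signature_date: date
    vpn_client: bool
    disk_encrypted: bool


@dataclass
class Policy:
    approved_os: dict                  # os_name -> minimum version tuple
    max_signature_age_days: int = 3
    require_vpn_client: bool = True
    require_disk_encryption: bool = True


# Hypothetical VLAN assignments for the three outcomes.
VLANS = {"full": 100, "limited": 200, "quarantine": 999}


def parse_version(text: str) -> tuple:
    """'10.0.19045' -> (10, 0, 19045) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in text.split("."))


def evaluate(posture: Posture, policy: Policy, today: date) -> dict:
    """Compare one posture report against policy and choose the network access decision.

    A single critical finding quarantines the device, any other finding restricts it to
    a remediation VLAN, and a clean report gets full access.
    """
    findings = []
    minimum = policy.approved_os.get(posture.os_name)
    if minimum is None:
        findings.append(("os_unapproved", "critical"))
    elif parse_version(posture.os_version) < minimum:
        findings.append(("os_below_minimum", "high"))
    if not posture.av_installed:
        findings.append(("av_missing", "critical"))
    elif (today - posture.av_signature_date).days > policy.max_signature_age_days:
        findings.append(("av_signatures_stale", "medium"))
    if policy.require_vpn_client and not posture.vpn_client:
        findings.append(("vpn_client_missing", "medium"))
    if policy.require_disk_encryption and not posture.disk_encrypted:
        findings.append(("disk_unencrypted", "high"))

    severities = {sev for _, sev in findings}
    if "critical" in severities:
        decision = "quarantine"
    elif findings:
        decision = "limited"
    else:
        decision = "full"
    return {"host": posture.hostname, "decision": decision,
            "vlan": VLANS[decision], "findings": findings}


CORPORATE_POLICY = Policy(approved_os={"Windows": (10, 0), "macOS": (13, 0), "Ubuntu": (22, 4)})
TODAY = date(2024, 1, 10)            # fixed so the sample output is reproducible

# Constructed posture reports, not from real devices.
SAMPLE_DEVICES = [
    Posture("lt-001", "Windows", "10.0.19045", True, date(2024, 1, 9), True, True),
    Posture("lt-002", "macOS", "14.2", True, date(2023, 12, 20), True, True),
    Posture("lt-003", "Windows", "6.1", True, date(2024, 1, 10), False, False),
    Posture("kiosk-1", "FreeBSD", "13.2", False, date(2023, 1, 1), False, False),
]


def evaluate_all(devices=SAMPLE_DEVICES, policy=CORPORATE_POLICY, today=TODAY) -> list:
    return [evaluate(d, policy, today) for d in devices]


if __name__ == "__main__":
    for result in evaluate_all():
        print(result)
```

The report is produced by the client agent, so the server must authenticate the agent (for example with mutual TLS or a signed report) before trusting what it says; a compromised host can otherwise simply claim compliance. Note also that version strings must be compared numerically, as the `parse_version` helper does, or "6.1" would sort above "10.0".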
Device Management
BYOD
Device management provides a way to uniformly notify all applications and system features of changes that may affect their operation or access to resources. Applications and the system use and process device events to take advantage of new resources when they become available and to prevent loss of data when existing resources become unavailable. The system uses messages to notify applications of device changes and power changes. Device messages notify applications of device change events; power messages notify applications of power management events. Applications and drivers can also define and use custom messages to enable notification of other types of events.