TraceSecurity Compliance Manager

At the core of our security compliance solutions is TraceSecurity's ComplianceManager™ (TSCM), the first cloud-based platform to integrate all the vital information and tasks necessary to maintain security compliance into a centralized interface. This allows organizations to streamline security compliance procedures, simplify the processes involved with IT risk management, and improve their security compliance program.

TSCM combines information about informational & physical assets, policies, vulnerability data, and compliance regulations into a centralized system to evaluate an organization's overall security posture and determine if the institution is meeting regulatory and compliance standards.

This comprehensive solution automates multiple processes that previously could only be performed manually, including risk assessments, vulnerability assessments and alerting, regulatory compliance audits, policy management and dissemination, file/URL integrity monitoring and employee education and testing.

 

Organizations receive significant advantages by using TSCM:

  • Automates the risk assessment process with a comprehensive set of compliance tools
  • Helps meet and exceed IT Security Compliance regulatory requirements, including the new FFIEC Guidance
  • Updates automatically as threats, vulnerabilities, policies and regulations change
  • Eliminates unnecessary IT, vendor and employee expenses
  • Develops standard, repeatable compliance processes
  • Reduces the amount of time preparing for examiners and audits
  • Improves the process of creating and disseminating policies
  • Enhances security compliance and awareness training programs

 

TSCM includes the following standard modules:

TSCM Module: Benefits

TSCM Dashboard: The Dashboard provides a snapshot view into vulnerability status, policy acceptance, compliance statistics, etc.

TraceAssess: Allows the organization to conduct unlimited, on-demand network vulnerability scanning.

TraceComply: Facilitates an ongoing review of the organization's compliance with relevant industry security requirements.

TracePolicy: Reduces cost and effort in creating/distributing policies and reporting on acceptance of those policies.

TraceTrain: Allows the creation of internal training of employees on policies, security and other topics.

TraceReport: Provides on-demand board, management, auditor, and technical reporting for all TSCM modules.

 

The following modules may be added to expand TSCM's functionality:

Risk Manager: Automate the Risk Assessment process

IT Audit Manager: Automate the IT Security Audit process


 

TSCM gives organizations the ability to:

Streamline Security and Vulnerability Assessments

  • Schedule and perform on-demand vulnerability assessments
  • Produce 3rd party expert verified and false-positive tested assessments at any time
  • Comprehensive report delivered via TSCM within 2 business days
  • Develop a repeatable process for successive assessments

Automate the Risk Assessment and IT Audit Processes

  • Streamlines the Risk Management and IT Audit processes through a preconfigured framework of threats, assets and controls
  • Develops a standard, repeatable audit process
  • Creates reports to prepare the IT department for audits

Facilitate Security Compliance Tracking and Reporting

  • Applicable regulations/best practices to monitor and self assess
  • Customizable reporting for Management, board, & auditor reports
  • Online database for up-to-date regulations and best practices
  • Customizable alerting to new or modified regulations

Develop and Disseminate Policies Through a Centralized System

  • Create policies based on templates that meet applicable regulations
  • Upload all organizational policies into a centralized database
  • Modify existing policies and alert employees on the changes
  • Disseminate policies to appropriate employees and track acceptance
  • Printable reports for internal use or examiners

Develop and Manage an Information Security Training Program

  • Deliver customized training courses via a centralized online system
  • Administer tests for each course, send notifications, & track results
  • Generate comprehensive reports for internal use or examiners
  • Compatible with third-party web-based training

 

TraceSecurity's ComplianceManager helps reduce the burden of managing a security compliance program.

  • Pre-configured software: Complete with a matrix of options in easy-to-navigate menus, reducing the amount of configuration and helping eliminate errors.
  • Multiple levels of support: Customers have access to experts for assistance with a variety of compliance-related needs.
  • Independent of institution’s network: TSCM is cloud-based software, so there is no need to perform updates or maintenance.
  • A scalable solution: TSCM can be modified and enhanced as the security needs of the organization mature.
  • Customizable and integrated reports: TSCM can integrate results from several processes in order to generate customizable, easy to read reports that help streamline the audit process.
  • A cost-effective solution: TSCM offers a variety of security compliance tools, which helps eliminate or reduce costs of managing multiple technology vendors, purchasing unnecessary hardware, and expenses associated with deploying in-house IT resources.

An information security program should include ongoing network vulnerability testing. The TraceAssess module of TSCM is an automated vulnerability assessment utility that evaluates a network for security risks. The TraceAssess scanner is delivered through a VMware Player, eliminating the need to purchase a hardware appliance. The interface to TraceAssess is through the SaaS-based TSCM portal, making it available anywhere.

Key Features and Benefits of TraceAssess include:

  • Template based scan configurations for consistent, repeatable process
    • Port scan, vulnerability scan or simultaneous scan
    • Test a single IP address or a range of IP addresses
    • User definable "exclude" IP address list
    • Network Discovery option
    • Configurable Signature Scanning
  • False Positive Management
  • Template Groups to combine multiple templates
  • Scheduler Frequency (once, daily, weekly, biweekly, monthly, bimonthly, quarterly, yearly)
  • Filter Results based on custom criteria (risk level, classification, status, assignee, etc.)

TraceAssess can be used as a standalone solution or integrated with other TSCM modules. Summary dashboard reporting provides a quick view of vulnerability data to allow for immediate awareness of network vulnerabilities. In-depth reporting is available for system administrators, managers, board of directors and auditors.


A proper Information Security Program should be in compliance with applicable Regulatory and Best Practices requirements. Common issues that prevent compliance with these requirements include: lack of expertise and understanding of the regulations, employee time involved in reporting on compliance, and monitoring new or modified requirements.

TraceSecurity has developed TraceComply, a module of TSCM that facilitates security compliance tracking and reporting. TraceComply allows the user to choose applicable regulations and/or best practices to monitor and self assess for compliance.

Key Features and Benefits of TraceComply include:

  • Online regulatory self assessment solution
    • Choose regulations and/or best practices applicable to the organization
    • A single answer addresses all regulations with similar requirements, reducing completion time
    • Note fields to provide explanation
    • Results can be saved for later completion
  • Customizable compliance reporting
    • Management, board of directors, & auditor reports
    • Filter for laws, guidelines or standards
    • Dashboard detailed and summary reporting
    • Printable reports
  • Online database for current regulations & best practices
  • Customizable alerting to new or modified regulations and/or best practices
  • Utilizes "Assets" and "Vendors" to provide segmentation of compliance at the Asset or Vendor Level
  • Includes information on the regulations, code, related policy and other reference materials

TraceComply can be used as a standalone solution or integrated with other TSCM modules. Summary dashboard reporting provides a quick view of compliance data to allow for immediate awareness of gaps in compliance. In-depth reporting is available for managers, board of directors and auditors.


Compliance Overview

To effectively implement an Information Security Program, the organization must address vulnerabilities associated not only with its technology, but also with its people and processes. Organizations must implement best practices that help prevent employees from engaging in behaviors that can compromise sensitive data.

These best practices include:

  • Defining appropriate policies and procedures governing employee behavior in regards to information security
  • Educating employees about relevant policies and procedures
  • Verifying their understanding of relevant policies and procedures
  • Managing change over time – including changes in staff, changes in the IT environment, and changes in the nature of present threats

While TracePolicy was originally designed to facilitate an Information Security Program, the solution should be used by all organizational departments, including Human Resources, to efficiently manage all departmental policies. This allows an organization to have a centralized online policy management system for all organizational policies.

Key Features and Benefits of TracePolicy include:

  • Ability to Develop Information Security Policies
  • Templated questionnaires that facilitate the creation of policies to meet applicable regulations (with additional Best Practices templates as needed)
  • Upload/Modify Existing Policies
    • Upload all existing organizational policies for one centralized database
    • Modify existing policies and update employees on the current policy
  • Disseminate Policies
    • Simplified distribution through email notification
    • Online employee policy review and acceptance
    • Ability to group employees to only receive policies that are applicable to the specific group
  • Centralized, online policy management and reporting accessible by authorized users anywhere & anytime
  • Automatic email alerts for employees that have not accepted policies
  • Printable policies and reports

TracePolicy can be used as a standalone solution or integrated with other TSCM modules. Summary dashboard reporting provides a quick view of policy data to allow for immediate awareness of gaps in policy acceptance. In-depth reporting is available for managers, board of directors and auditors.


Compliance Overview

To effectively implement an Information Security Program, the organization must address vulnerabilities associated not only with its technology, but also with its people and processes. The "people" vulnerabilities are one of the largest risks associated with an Information Security Program, and also, one of the most overlooked areas. An organization must implement an employee training program designed to help prevent behaviors that can compromise sensitive data.

The training program should:

  • Educate employees on the Information Security policies and procedures
  • Manage training requirements related to changes in staff, IT environment, organizational risk, or policies/procedures
  • Verify employees' understanding of relevant policies and procedures

While TraceTrain was originally designed to facilitate an Information Security Program, the solution should be used by all organizational departments, including Human Resources, to efficiently manage all departmental training.

This allows an organization to have a centralized training program for all organizational training.

Key Features and Benefits of TraceTrain include:

  • Customizable training relevant to an organization’s Information Security Program
    • Administrator defined Courses
    • Compatible with third party web based training
  • Create Training Groups
    • Automatic email notification of required training
    • Deliver training applicable to specific employees
  • Centralized, Online Training Management & Reporting
    • Reduces business impact related to live training
    • Modify existing policies and update employees
    • On-demand training provides flexible training times
    • Email alerting on required training
    • Track Training status by user or department
    • Printable training materials and reporting
  • Test employees' understanding of training courses
    • Customizable testing for each training course
    • Track Testing status by user or department
  • Centralized, online policy management and reporting accessible by authorized users anywhere & anytime
  • Eliminates paper-based systems

TraceTrain can be used as a standalone solution or integrated with other TSCM modules. Summary dashboard reporting provides a quick view of training and testing data to allow for immediate awareness of gaps in employee security awareness. In-depth reporting is available for managers, board of directors and auditors.


Why does an organization need an ongoing Information Security Program?

A basic Information Security Program is needed in order to meet many of the regulatory requirements facing an organization, and it is an important first step in protecting its critical information. However, because the people, processes and technology of an organization are continually changing, the security threats to that organization are also changing. Therefore, in order to identify new threats and prevent a security breach, an organization must have an ONGOING Information Security Program.

How can organizations “Jump Start” their Information Security Program?

Regulatory requirements insist that organizations have regular Security Assessments performed by an independent third party who is in no way responsible for the design, maintenance or administration of the network infrastructure or its security controls. Moreover, organizations are also required to have an ongoing security testing program that includes periodic self assessments.

By choosing TraceSecurity to perform a Comprehensive Security Assessment, customers get the benefit of having ongoing access to the same tools and customized information that TraceSecurity analysts used to perform the initial assessment through TSCM. This combination of service and software solutions not only satisfies the requirements of independent assessments, but also helps quickly establish a solid foundation for an ongoing self assessment program in a cost-effective manner.